Vulnerabilities > Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-10-30 CVE-2024-8512 The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function.
network
low complexity
CWE-95
critical
 9.1
9.1
2023-07-14 CVE-2023-37462 Eval Injection vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-95
8.8
8.8
2023-04-16 CVE-2023-29511 Eval Injection vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-95
8.8
8.8
2022-11-23 CVE-2022-41931 Eval Injection vulnerability in Xwiki
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection').
network
low complexity
xwiki CWE-95
8.8
8.8
2022-11-23 CVE-2022-41928 Eval Injection vulnerability in Xwiki
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml.
network
low complexity
xwiki CWE-95
8.8
8.8
2021-07-14 CVE-2021-33678 Eval Injection vulnerability in SAP Netweaver Application Server Abap
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-95
6.5
6.5