CWE-95
Medium likelihoodImproper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
126 vulnerabilities with CWE-95
CVE-2023-29509
CRITICAL
Xwiki < 13.10.11 - Code Injection
CVSS 9.9
CVE-2023-29214
CRITICAL
XWiki - Code Injection
CVSS 9.9
CVE-2023-29212
CRITICAL
XWiki - Code Injection
CVSS 9.9
CVE-2023-29211
CRITICAL
XWiki - Code Injection
CVSS 9.9
CVE-2023-29210
CRITICAL
XWiki Commons - RCE
CVSS 9.9
CVE-2023-29209
CRITICAL
XWiki - RCE
CVSS 9.9
CVE-2023-0888
MEDIUM
Bbraun Battery-pack SP With Wifi Firmware - Code Injection
CVSS 4.9
CVE-2023-0090
CRITICAL
Proofpoint Enterprise Protection <8.20.0 - RCE
CVSS 9.8
CVE-2023-0089
HIGH
Proofpoint Enterprise Protection <8.20.0 - Authenticated RCE
CVSS 8.8
CVE-2023-26477
CRITICAL
XWiki Platform <13.10.10, <14.9-rc-1, <14.4.6 - Code Injection
CVSS 10.0
CVE-2022-41931
CRITICAL
xwiki-platform-icon-ui - Eval Injection
CVSS 9.9
CVE-2022-41928
CRITICAL
XWiki Platform - Eval Injection
CVSS 9.9
CVE-2022-36100
CRITICAL
XWiki Platform <14.4 - Code Injection
CVSS 9.9
CVE-2022-36099
CRITICAL
XWiki Platform Wiki UI Main Wiki <13.10.6-14.4 - Code Injection
CVSS 9.9
CVE-2022-38193
MEDIUM
Esri Portal for ArcGIS <10.8.1 - Code Injection
CVSS 6.1
CVE-2022-36010
CRITICAL
Library - Code Injection
CVSS 10.0
CVE-2021-33678
MEDIUM
SAP NetWeaver AS ABAP - Code Injection
CVSS 6.5
CVE-2021-23277
HIGH
Eaton IPM <1.69 - Code Injection
CVSS 8.3
CVE-2020-37137
MEDIUM
PHP-Fusion 9.03.50 - RCE
CVSS 6.1
CVE-2020-6650
HIGH
Eaton Ups Companion < 1.05 - Code Injection
CVSS 8.3
CVE-2020-5256
HIGH
Bookstack < 0.25.3 - Unrestricted File Upload
CVSS 7.9
CVE-2020-5217
MEDIUM
Twitter Secure Headers < 3.8.0 - Injection
CVSS 4.4
CVE-2019-9507
HIGH
Vertiv Avocent UMG-4000 <4.2.1.19 - Command Injection
CVSS 8.3
CVE-2013-10070
CRITICAL
PHP-Charts v1.0 - RCE
CVE-2013-10051
CRITICAL
InstantCMS <1.6 - RCE
CVSS 9.8
Details
Vulnerabilities
126
Exploit Likelihood
Medium