Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-95 (动态执行代码中指令转义处理不恰当(Eval注入)) — Vulnerability Class 104

104 vulnerabilities classified as CWE-95 (动态执行代码中指令转义处理不恰当(Eval注入)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2023-0089 Proofpoint Enterprise Protection webutils authenticated RCE — enterprise_protection 8.8 High2023-03-08
CVE-2023-26477 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability — xwiki-platform 10.0 Critical2023-03-02
CVE-2022-41928 XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml — xwiki-platform 9.9 Critical2022-11-23
CVE-2022-41931 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui — xwiki-platform 9.9 Critical2022-11-23
CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection — xwiki-platform 9.9 Critical2022-09-08
CVE-2022-36099 XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability — xwiki-platform 9.9 Critical2022-09-08
CVE-2022-38193 Code injection issue in Portal for ArcGIS (10.7.1 and 10.8.1) — Portal for ArcGIS 6.1 Medium2022-08-16
CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree — react-editable-json-tree 10.0 Critical2022-08-15
CVE-2021-33678 SAP NetWeaver AS ABAP 代码注入漏洞 — SAP NetWeaver AS ABAP (Reconciliation Framework) 6.5 -2021-07-14
CVE-2021-23277 Improper Neutralization of Directives in Dynamically Evaluated Code — Intelligent Power manager (IPM) 8.3 High2021-04-13
CVE-2019-9507 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution — Avocent UMG-4000 8.3 High2020-03-30
CVE-2020-6650 Arbitrary code execution through “Update Manager” Class — UPS Companion Software 8.3 High2020-03-23
CVE-2020-5256 Remote Code Execution Through Image Uploads in BookStack — BookStack 7.9 High2020-03-09
CVE-2020-5217 Directive injection when using dynamic overrides with user input in RubyGems secure_headers — secure_headers 4.4 Medium2020-01-23

Vulnerabilities classified as CWE-95 (动态执行代码中指令转义处理不恰当(Eval注入)) represent 104 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.