CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2024-48061 CRITICAL
langflow <=1.0.18 - Remote Code Execution via Unsafe Component Code Execution
CVSS 9.8
CVE-2024-48050 CRITICAL
agentscope < 0.0.4 - Remote Code Execution via is_callable_expression eval
CVSS 9.8
CVE-2024-51329 HIGH
Agile-Board 1.0 - Host Header Injection via Password Reset Link
CVSS 8.8
CVE-2024-10035 CRITICAL
BG-TEK CoslatV3 < 3.1069 - OS Command Injection
CVSS 9.8
CVE-2024-10761 MEDIUM
Umbraco CMS <= 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1 - Cross-Site Scripting via Dashboard Preview Frame Culture Parameter
CVSS 4.3
CVE-2024-48359 CRITICAL
Qualitor v8.24 - Remote Code Execution via gridValoresPopHidden Parameter
CVSS 9.8
CVE-2024-21537 HIGH
lilconfig 3.1.0 - Remote Code Execution via Insecure eval Usage in dynamicImport
CVSS 8.8
CVE-2024-51427 CRITICAL
PepeGxng Smart Contract - Remote Code Execution via Mint Function
CVSS 9.8
CVE-2024-51424 CRITICAL
PepeGxng Smart Contract - Remote Code Execution via Owned.setOwner Function
CVSS 9.8
CVE-2024-51243 HIGH
eladmin < 2.7 - Remote Code Execution via DeployController.java
CVSS 7.2
CVE-2024-42041 HIGH
AppTool-Browser-Video All Video Downloader <20-30.05.24 - XSS
CVSS 8.1
CVE-2024-51298 CRITICAL
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi doGRETunnel
CVSS 9.8
CVE-2024-9846 HIGH
Enable Shortcodes inside Widgets,Comments and Experts < 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
CVSS 7.3
CVE-2024-10505 MEDIUM
wuzhicms 4.1.0 - Remote Code Injection in Block Admin Function
CVSS 6.3
CVE-2024-48138 CRITICAL
PluXml <= 5.8.16 - Remote Code Execution via Template Injection
CVSS 9.8
CVE-2024-8923 CRITICAL
ServiceNow - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2024-50498 CRITICAL
WP Query Console <= 1.0 - Remote Code Execution
CVSS 10.0
CVE-2024-50492 HIGH
Scott Paterson ScottCart <= 1.1 - Remote Code Execution
CVSS 8.3
CVE-2024-50450 HIGH
Pluginus Wordpress Meta Data And Taxonomies Filter - Code Injection
CVSS 7.3
CVE-2024-9162 HIGH
All-in-One WP Migration & Backup <7.86 - Code Injection
CVSS 7.2
CVE-2024-50611 HIGH
CycloneDX cdxgen < 11.1.7 - Remote Code Execution via Untrusted Build Files
CVSS 7.2
CVE-2024-9772 HIGH
Uix Shortcodes < 1.9.9 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode
CVSS 7.3
CVE-2024-48236 MEDIUM
ofcms 1.1.2 - Remote Code Execution via FileOutputStream in FileUtils
CVSS 6.5
CVE-2024-48235 MEDIUM
ofcms 1.1.2 - Remote Code Execution via TemplateController Save Method
CVSS 6.5
CVE-2024-37846 MEDIUM
MangoOS < 5.2.0 - Client-Side Template Injection via Platform Management Edit Page
CVSS 4.6