Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-37845 HIGH

MangoOS < 5.2.0 - Authenticated Remote Code Execution via Active Process Command

CVE-2024-48700 HIGH

Kliqqi-CMS < 3.5.2 - Remote Code Execution via edit_page.php

CVE-2024-48655 HIGH

Total.js CMS 1.0 - Remote Code Execution via func.js File

CVE-2024-48581 CRITICAL

Best Courier Management System 1.0 - Remote Code Execution via Admin Class File Upload

CVE-2024-48579 CRITICAL

Best House Rental Management System 1.0 - SQL Injection via Login Username Parameter

CVE-2024-48204 CRITICAL

Hanzhou Haobo network management system 1.0 - RCE

CVE-2024-47158 MEDIUM

N-LINE < 2.0.6 - Remote Code Execution

CVE-2024-47879 HIGH

OpenRefine < 3.8.3 - Cross-Site Request Forgery via Preview Expression Command

CVE-2024-48514 CRITICAL

php-heic-to-jpg <= 1.0.5 - Remote Code Execution via HEIC Image Filename

CVE-2024-48964 HIGH

Snyk CLI < 1.1294.0 - Code Injection via Gradle Project Directory Handling

CVE-2024-20485 MEDIUM

Cisco Adaptive Security Appliance Software - Authenticated Remote Code Execution via Crafted Backup File

CVE-2024-9050 HIGH

Red Hat Enterprise Linux NetworkManager-libreswan - Local Privilege Escalation via VPN Configuration Injection

CVE-2024-41714 HIGH

Mitel MiCollab < 9.8.1.5 & MiVoice Business < 1.0.0.27 - Authenticated Command Injection

CVE-2024-41712 MEDIUM

Mitel MiCollab <= 9.8.1.5 - Authenticated Command Injection in Web Conferencing Component

CVE-2024-35315 MEDIUM

Mitel Micollab < 9.7.1.110 - Code Injection

CVE-2024-35314 CRITICAL

Mitel MiCollab <= 9.7.1.110 & MiVoice Business Virtual Instance 1.0.0.25 - Unauthenticated Command Injection

CVE-2024-10131 HIGH

ragflow 0.11.0 - Remote Code Execution via add_llm Function

CVE-2024-9593 HIGH

Time Clock and Time Clock Pro <= 1.2.2 - Unauthenticated Remote Code Execution via etimeclockwp_load_function_callback

CVE-2024-9264 CRITICAL

Grafana 11.0.0-11.0.5 - Authenticated Command Injection via DuckDB SQL Expressions

CVE-2024-27766 MEDIUM

MariaDB 11.1 - Remote Code Execution via lib_mysqludf_sys.so Function

CVE-2024-10073 MEDIUM

flairNLP flair 0.14.0 - Code Injection

CVE-2024-45766 HIGH

Dell OpenManage Enterprise < 4.2.0 - Authenticated Remote Code Execution

CVE-2024-48744 MEDIUM

PHPGurukul Teachers Record Management System 2.1 - Reflected Cross-Site Scripting via Search Input Parameter

CVE-2024-49254 CRITICAL

ajax-extend <= 1.0 - Remote Code Execution

CVE-2024-49271 CRITICAL

Unlimited Elements For Elementor < 1.5.121 - Remote Code Execution via Untrusted Data Deserialization

Previous Page 101 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy