Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-9061 HIGH

WP Popup Builder <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution

CVE-2024-48279 HIGH

PHPGurukul User Registration & Login and User Management System 3.2 - HTML Injection via Search Key Parameter

CVE-2024-45271 HIGH

Product <Version> - Privilege Escalation

CVE-2024-9837 HIGH

AADMY WordPress Plugin <=2.0.1 - Unauthenticated Shortcode Execution

CVE-2024-47826 LOW

elabftw < 5.1.5 - HTML Injection via Extended Search String

CVE-2024-48168 CRITICAL

D-Link DCS-960L 1.09 - Remote Code Execution via HNAP Service Stack Overflow

CVE-2024-41997 MEDIUM

Warp Terminal <2024.07.18 - Command Injection

CVE-2024-8760 MEDIUM

Stackable - Page Builder Gutenberg Blocks <3.13.6 - CSS Injection

CVE-2024-44414 HIGH

FBM_292W-21.03.10V - Command Injection

CVE-2024-21534 CRITICAL

jsonpath-plus < 10.2.0 - Remote Code Execution via Unsafe vm Usage

CVE-2024-9581 HIGH

Shortcodes AnyWhere <= 1.0.1 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-45874 CRITICAL

VegaBird Vooki 5.2.9 - Unauthenticated DLL Hijacking via Crafted DLL in Application Directory

CVE-2024-45873 CRITICAL

VegaBird Yaazhini 2.0.2 - Code Injection

CVE-2024-43363 HIGH

Cacti < 1.2.28 - Authenticated Remote Code Execution via Log Poisoning

CVE-2024-46076 CRITICAL

RuoYi < 4.7.9 - Code Injection via Code Generation Feature

CVE-2024-45933 MEDIUM

OnlineNewsSite 1.0 - Stored Cross-Site Scripting via Title and Summary Fields

CVE-2024-8254 MEDIUM

Email Subscribers by Icegram Express - RCE

CVE-2024-45186 CRITICAL

FileSender < 2.49 - Server-Side Template Injection

CVE-2024-46080 HIGH

Scriptcase < 9.10.023 - Remote Code Execution via nm_zip Function

CVE-2024-44744 MEDIUM

Malwarebytes Premium Security <5.0.0.883 - RCE

CVE-2024-28811 LOW

Infinera hiT 7300 5.60.50 - Authenticated Remote Code Execution via HTTP Invocations

CVE-2024-45200 MEDIUM

Nintendo Mario Kart 8 Deluxe <3.0.3 - Buffer Overflow

CVE-2024-9324 MEDIUM

Intelbras InControl <2.21.57 - Code Injection

CVE-2024-6983 HIGH

mudler/localai 2.17.1 - Remote Code Execution via Binary File Upload

CVE-2024-46489 HIGH

promptr 6.0.7 - Remote Code Execution via Crafted URL

Previous Page 102 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy