Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-45847 HIGH

MindsDB 23.11.4.2-24.7.4.1 - Remote Code Execution via UPDATE Query Eval Injection

CVE-2024-45846 HIGH

MindsDB 23.10.3.0-24.7.4.1 - Remote Code Execution via Weaviate SELECT WHERE Clause

CVE-2024-44466 CRITICAL

COMFAST CF-XR11 V2.7.2 - OS Command Injection via iface Parameter in webmgnt

CVE-2024-43469 HIGH

Azure CycleCloud 8.0.0-8.6.3 - Remote Code Execution

CVE-2024-8258 HIGH

Logitech Options Plus <1.60.496306 - Code Injection

CVE-2024-43393 HIGH

Phoenix Contact mGuard RS/FL Series < 8.9.3 - Denial of Service via Firewall Rule Environment Variable Injection

CVE-2024-43392 HIGH

Phoenix Contact mGuard Firmware < 8.9.3 - Authenticated Denial of Service via Firewall Configuration Variables

CVE-2024-43391 HIGH

Phoenix Contact mGuard Firmware < 8.9.3 - Authenticated Denial of Service via FW_PORTFORWARDING.SRC_IP

CVE-2024-43390 HIGH

Phoenix Contact mGuard RS/FL Series < 8.9.3 - Authenticated Denial of Service via FW_NAT.IN_IP Environment Variable

CVE-2024-43389 HIGH

Phoenix Contact mGuard RS/FL Series < 8.9.3 - Denial of Service via OSPF Interface Key Manipulation

CVE-2024-43388 HIGH

Phoenix Contact mGuard Firmware < 8.9.3 - Authenticated Code Injection via SNMP Service Reconfiguration

CVE-2024-6596 CRITICAL

Endress+Hauser Echo Curve Viewer and FieldCare - Code Injection via Curve Files

CVE-2024-8478 HIGH

WordPress Affiliate Super Assistent <1.5.3 - RCE

CVE-2024-8268 HIGH

WordPress Frontend Dashboard <2.2.4 - RCE

CVE-2024-44411 CRITICAL

D-Link DI-8300 v16.07.26A1 - OS Command Injection via msp_info_htm Function

CVE-2024-44410 CRITICAL

D-Link DI-8300 v16.07.26A1 - OS Command Injection via upgrade_filter_asp Function

CVE-2024-44724 HIGH

AutoCMS 5.4 - PHP Code Injection via txtsite_url Parameter

CVE-2024-39715 HIGH

Veeam Service Provider Console 8 - Authenticated Remote Code Execution via REST API File Upload

CVE-2024-39714 CRITICAL

Veeam Service Provider Console 8 - Authenticated Remote Code Execution via Arbitrary File Upload

CVE-2024-38651 HIGH

Veeam Service Provider Console - Remote Code Execution via File Overwrite

CVE-2024-8523 MEDIUM

lmxcms < 1.4 - Remote Code Injection via formatData Function

CVE-2024-7627 HIGH

Bit File Manager 6.0-6.5.5 - Unauthenticated Remote Code Execution via Temporary File Race Condition

CVE-2024-45053 CRITICAL

Fides 2.19.0-2.44.0 - Authenticated Remote Code Execution via Email Template Injection

CVE-2024-8411 LOW

ABCD ABCD2 <= 2.2.0-beta-1 - Cross-Site Scripting via Sub_Expresion Argument

CVE-2024-45507 CRITICAL

Apache OFBiz <18.12.16 - SSRF/Code Injection

Previous Page 104 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy