Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-45390 HIGH

@blakeembrey/template <1.2.0 - Code Injection

CVE-2024-42902 HIGH

LimeSurvey < 6.6.2 - Remote Code Execution via js_localize.php lng Parameter Injection

CVE-2024-7345 HIGH

Progress OpenEdge < 11.7.18 - Unauthenticated Code Injection via Local ABL Client

CVE-2024-8374 HIGH

UltiMaker Cura <5.7.2 - Code Injection

CVE-2024-45623 CRITICAL

D-Link DAP-2310 Hardware A Firmware 1.16RC028 - RCE

CVE-2024-41369 CRITICAL

Sourcefabric Phoniebox - Code Injection

CVE-2024-41368 CRITICAL

Sourcefabric Phoniebox - Code Injection

CVE-2024-41367 CRITICAL

Sourcefabric Phoniebox - Code Injection

CVE-2024-41366 CRITICAL

Sourcefabric Phoniebox - Code Injection

CVE-2024-41364 CRITICAL

Sourcefabric Phoniebox - Code Injection

CVE-2024-41361 CRITICAL

Sourcefabric Phoniebox - Code Injection

CVE-2024-43922 MEDIUM

NitroPack < 1.16.7 - Unauthenticated Code Injection via Arbitrary Shortcode Execution

CVE-2024-7720 CRITICAL

HP Security Manager - Remote Code Execution via Open-Source Library Vulnerability

CVE-2024-7656 HIGH

Image Hotspot by DevVN <1.2.5 - Code Injection

CVE-2024-42845 HIGH

InVesalius <3.1.99998 - Code Injection

CVE-2024-42756 HIGH

Netgear DGN1000WW 1.1.00.45 - Remote Code Execution via Diagnostics Page

CVE-2024-5466 HIGH

ManageEngine OpManager and OpManager MSP < 12.7 - Authenticated Remote Code Execution via Deploy Agent Option

CVE-2024-7559 HIGH

File Manager Pro < 8.3.7 - Authenticated Arbitrary File Upload via mk_file_folder_manager AJAX Action

CVE-2024-45201 HIGH

Llama Index <0.10.38 - Code Injection

CVE-2024-42599 HIGH

SeaCMS 13.0 - Authenticated Remote Code Execution via admin_files.php

CVE-2024-6386 CRITICAL

WPML < 4.6.13 - Authenticated Remote Code Execution via Twig Server-Side Template Injection

CVE-2024-40453 CRITICAL

squirrellyjs <9.0.0 - Code Injection

CVE-2024-42598 MEDIUM

SeaCMS 13.0 - Authenticated Remote Code Execution via admin_editplayer.php

CVE-2024-43404 CRITICAL

Megabot < 1.5.0 - Remote Code Execution via /math Command Expression Parameter

CVE-2024-21689 HIGH

Bamboo 9.1.0-9.2.16 - Authenticated Remote Code Execution

Previous Page 105 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy