Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-43202 CRITICAL

Apache DolphinScheduler <3.2.2 - RCE

CVE-2024-7899 MEDIUM

InnoCMS 0.3.1 - Remote Code Injection in Backend Page Edit

CVE-2024-42634 CRITICAL

Tenda AC9 <15.03.06.42 - Command Injection

CVE-2024-42739 HIGH

TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection

CVE-2024-41623 CRITICAL

D3D Security D8801 Firmware V9.1.17.1.4-20180428 - Code Injection via Crafted Payload

CVE-2024-37287 CRITICAL

Kibana 7.7.0-7.17.23 - Authenticated Remote Code Execution via Prototype Pollution in ML and Alerting Connector Features

CVE-2024-43128 MEDIUM

WC Product Table <3.5.1 - Code Injection

CVE-2024-7094 CRITICAL

JS Help Desk & Support Plugin <2.8.7 - RCE

CVE-2024-42745 HIGH

TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection

CVE-2024-41651 HIGH

PrestaShop < 8.1.7 - Server-Side Request Forgery via Module Upgrade Functionality

CVE-2024-5651 HIGH

Fence Agents Remediation 0.4 for RHEL 8 - Remote Code Execution via SSH/TELNET Path Arguments

CVE-2024-40487 HIGH

Kashipara Live Membership System <1.0 - XSS

CVE-2024-22123 LOW

Zabbix 5.0.0-5.0.41 - Arbitrary File Write via SMS Media GSM Modem File Setting

CVE-2024-22116 CRITICAL

Zabbix 6.4.9-6.4.14 - Authenticated Remote Code Execution via Ping Script Parameter Injection

CVE-2024-37382 HIGH

Ab Initio Metadata Hub and Authorization Gateway < 4.3.1.1 - Remote Code Execution via Import Host Feature

CVE-2024-42356 HIGH

Shopware <6.6.5.1-6.5.8.13 - Code Injection

CVE-2024-42355 HIGH

Shopware <6.6.5.1-6.5.8.13 - Code Injection

CVE-2024-3958 MEDIUM

GitLab < 17.0.6, 17.1 < 17.1.4, 17.2 < 17.2.2 - Code Injection via Repository Display Discrepancy

CVE-2024-6891 HIGH

journyx - Authenticated Python Code Injection during Login

CVE-2024-42393 CRITICAL

Soft AP Daemon Service - Unauthenticated RCE

CVE-2024-7520 HIGH

Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 - Remote Code Execution via WebAssembly Type Confusion

CVE-2024-34344 HIGH

Nuxt 3.4.0-3.12.4 - Remote Code Execution via Test Component Path Parameter

CVE-2024-22169 HIGH

WD Discovery <5.0.589 - Code Injection

CVE-2024-41127 HIGH

monkeytype < 24.30.0 - Poisoned Pipeline Execution via GitHub Workflow Artifact Injection

CVE-2024-36268 CRITICAL

Apache InLong <1.12.0 - Code Injection

Previous Page 106 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy