Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-7093 CRITICAL

Netflix Dispatch < v20240731 - Remote Code Execution via Jinja Template Injection

CVE-2024-41961 CRITICAL

sapcc/elektra - Authenticated Remote Code Execution via Live Search Ruby Code Injection

CVE-2024-6923 MEDIUM

CPython HTTP Header Injection in email Module

CVE-2024-37901 CRITICAL

XWiki 9.2-14.10.20 - Authenticated Remote Code Execution via SearchSuggestClass Instances

CVE-2024-37900 MEDIUM

XWiki 4.2-14.10.21 - Stored Cross-Site Scripting via Malicious Attachment Filename

CVE-2024-41304 MEDIUM

WonderCMS 3.4.3 - Remote Code Execution via SVG File Upload

CVE-2024-7218 LOW

School Log Management System 1.0 - Cross-Site Scripting via Name Parameter in save_student Action

CVE-2024-6726 HIGH

Delphix Engine <Release 25.0.0.0 - RCE

CVE-2024-41468 CRITICAL

Tenda FH1201 v1.2.0.14 - OS Command Injection via cmdinput Parameter

CVE-2024-37084 CRITICAL

Spring Cloud Data Flow < 2.11.4 - Authenticated Arbitrary File Write via Skipper Server API

CVE-2024-40495 HIGH

Linksys Router E2500 <2.0.00 - Authenticated RCE

CVE-2024-41667 HIGH

OpenAM < 15.0.4 - Template Injection via CustomLoginUrlTemplate

CVE-2024-38944 CRITICAL

Intelight X-1L Traffic controller Maxtime <1.9.6 - RCE

CVE-2024-21552 CRITICAL

SuperAGI - Arbitrary Code Execution via Unsafe eval

CVE-2024-6950 MEDIUM

Prain < 1.3.0 - Remote Code Injection via HTTP POST Request Handler

CVE-2024-6947 MEDIUM

Flute CMS 0.2.2.4-alpha - Remote Code Injection in ContentParser Notification Handler

CVE-2024-6946 MEDIUM

Flute CMS 0.2.2.4-alpha - Remote Code Injection via /admin/pages/list blocks Parameter

CVE-2024-6940 MEDIUM

DedeCMS 5.7.114 - Remote Code Injection in article_template_rand.php

CVE-2024-6936 LOW

Form Tools 3.1.1 - Remote Code Injection via Page Theme Argument

CVE-2024-39962 CRITICAL

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 - Remote Code Execution via ntp_zone_val Parameter

CVE-2024-29178 HIGH

Apache StreamPark <2.1.4 - Authenticated Remote Code Execution via Template Injection

CVE-2024-29014 HIGH

SonicWall NetExtender < 10.2.341 - Remote Code Execution via EPC Client Update

CVE-2024-39877 HIGH

Apache Airflow 2.4.0-2.9.2 - Authenticated Remote Code Execution via doc_md Parameter

CVE-2024-6807 LOW

SourceCodester Student Study Center Desk Management System 1.0 - XSS

CVE-2024-39700 CRITICAL

JupyterLab < 4.3.0 - Remote Code Execution via GitHub Actions Workflow

Previous Page 107 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy