Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-6655 HIGH

Red Hat Enterprise Linux 8 - Code Injection via GTK Library Loading

CVE-2024-39915 CRITICAL

Thruk < 3.16 - Authenticated Remote Code Execution via PDF Report URL Parameter

CVE-2024-36456 CRITICAL

Broadcom Symantec PAM 3.4.6 and 4.1.0-4.1.7 - Unauthenticated Remote Command Execution

CVE-2024-21513 HIGH

langchain-experimental 0.0.15-<0.0.21 - Remote Code Execution via VectorSQLDatabaseChain Eval

CVE-2024-6345 HIGH

setuptools < 70.0.0 - Remote Code Execution via Package Index Download Functions

CVE-2024-40552 HIGH

PublicCMS < 4.0.202302.e - Remote Code Execution via cmdarray Parameter

CVE-2024-40546 HIGH

PublicCMS < 4.0.202302.e - Arbitrary File Upload via /admin/cmsWebFile/save

CVE-2024-40522 HIGH

SeaCMS 12.9 - Authenticated Remote Code Execution via phomebak.php Variable Injection

CVE-2024-40521 HIGH

SeaCMS 12.9 - Authenticated Remote Code Execution via admin_template.php

CVE-2024-37405 MEDIUM

Rocket.Chat - Unauthenticated NoSQL Injection in Livechat Login and History Endpoints

CVE-2024-37149 HIGH

GLPI 0.85-10.0.15 - Authenticated Remote Code Execution via Plugin Loader Hijack

CVE-2024-25077 CRITICAL

Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 - Arbitrary Code Execution via Nonce Manipulation

CVE-2024-37770 CRITICAL

14Finger v1.1 - Remote Code Execution via Fingerprint Function

CVE-2024-21832 LOW

PingFederate 11.0.0-11.0.8, 11.1.0-11.1.8, 11.2.0-11.2.7, 11.3.0-11.3.3 - JSON Injection via REST API POST Request

CVE-2024-39071 CRITICAL

Fujian Kelixun <=7.6.6.4391 - SQL Injection

CVE-2024-40735 MEDIUM

NetBox 4.0.3 - Stored Cross-Site Scripting via Power Outlet Name Parameter

CVE-2024-40726 MEDIUM

NetBox 4.0.3 - Stored Cross-Site Scripting via Power Port Name Parameter

CVE-2024-6602 CRITICAL

Firefox < 128 and ESR < 115.13 - Memory Corruption via Allocator-Deallocator Mismatch

CVE-2024-37934 MEDIUM

Ninja Forms < 3.8.4 - Code Injection via Arbitrary Shortcode Execution

CVE-2024-6365 CRITICAL

Product Table by WBW < 2.0.1 - Unauthenticated Remote Code Execution via saveCustomTitle Function

CVE-2024-22020 MEDIUM

Node.js < 18.20.4, 20.0-20.15.1, 22.0-22.4.1 - Remote Code Execution via Data URL Network Import Bypass

CVE-2024-39864 CRITICAL

Apache CloudStack 4.0.0-4.18.2.0 - Unauthenticated Remote Code Execution via Integration API Service

CVE-2024-38346 CRITICAL

Apache CloudStack 4.0.0-4.18.2.0 - Unauthenticated Remote Code Execution via Cluster Service Port

CVE-2024-39932 CRITICAL

Gogs < 0.13.0 - Argument Injection via Change Preview

CVE-2024-39165 CRITICAL

Asial JpGraph Professional <4.2.6-pro - RCE

Previous Page 108 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy