Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-6507 HIGH

Deep Lake - OS Command Injection via Kaggle Dataset Ingestion

CVE-2024-33871 HIGH

Artifex Ghostscript < 10.03.1 - Remote Code Execution via Custom Driver Library

CVE-2024-39844 CRITICAL

ZNC < 1.9.1 - Remote Code Execution via modtcl KICK Command

CVE-2024-25086 HIGH

Jungo WinDriver <12.2.0 - Privilege Escalation

CVE-2024-39236 CRITICAL

Gradio 4.36.1 - Code Injection via Component Meta

CVE-2024-36401 CRITICAL KEV

Geoserver unauthenticated Remote Code Execution

CVE-2024-6376 HIGH

MongoDB Compass <1.42.2 - Code Injection

CVE-2024-39017 CRITICAL

agreejs shared 0.0.1 - Prototype Pollution via mergeInternalComponents

CVE-2024-39015 CRITICAL

cafebazaar hod <0.4.14 - Code Injection

CVE-2024-39002 MEDIUM

jsonic-next 2.12.1 - Prototype Pollution via util.clone Function

CVE-2024-38993 CRITICAL

jsonic - Prototype Pollution via empty Function

CVE-2024-38990 MEDIUM

Tada5hi sp-common <0.5.4 - Code Injection

CVE-2024-3995 LOW

Helix ALM <2024.2.0 - Command Injection

CVE-2024-39209 MEDIUM

luci-app-sms-tool <1.9.6 - Command Injection

CVE-2024-36075 MEDIUM

CoSoSys Endpoint Protector <5.9.3 & Unify agent <7.0.6 - RCE

CVE-2024-36074 HIGH

CoSoSys Endpoint Protector <= 5.9.3 and Unify <= 7.0.6 - Remote Code Execution via EasyLock Dependency

CVE-2024-5979 HIGH

h2o 3.46.0 - Denial of Service via run_tool Command in rapids Component

CVE-2024-5826 CRITICAL

vanna - Remote Code Execution via Prompt Injection in vanna.ask Function

CVE-2024-5751 CRITICAL

litellm < 1.40.16 - Remote Code Execution via Malicious Payload to /config/update Endpoint

CVE-2024-39669 CRITICAL

Soffid IAM < 3.5.39 - Remote Code Execution via Unsafe Java Object Handling

CVE-2024-6344 LOW

ZKTeco ZKBio CVSecurity V5000 4.1.0 - XSS

CVE-2024-37855 HIGH

Nepstech Wifi Router xpon NTPL-Xpon1GFEVN 2.0.1 - Unauthenticated Remote Code Execution via Telnet Port 2345

CVE-2024-6206 HIGH

HPE Athonet Mobile Core - Code Injection

CVE-2024-4884 CRITICAL

WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via CommunityController

CVE-2024-4883 CRITICAL

Progress WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via NmApi.exe

Previous Page 109 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy