CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2024-37109 CRITICAL
WishList Member X < 3.26.7 - Authenticated PHP Code Injection
CVSS 9.9
CVE-2024-5683 CRITICAL
Next4Biz CRM & BPM <6.6.4.5 - Code Injection
CVSS 9.8
CVE-2024-3121 LOW
lollms 5.9.0 - Remote Code Execution via create_conda_env Function
CVSS 3.3
CVE-2024-39331 CRITICAL
Emacs < 29.4 - Remote Code Execution via Org Mode Link Abbreviation Expansion
CVSS 9.8
CVE-2024-38319 HIGH
IBM Security SOAR <51.0.2.0 - Code Injection
CVSS 7.5
CVE-2024-37899 CRITICAL
XWiki Platform 13.10.3-14.10.20 - Authenticated Remote Code Execution via User Profile Disabling
CVSS 9.0
CVE-2024-33335 MEDIUM
H3C SeaSQL DWS V2.0 - Remote Code Execution via Crafted File
CVSS 6.3
CVE-2024-28397 MEDIUM
pyload-ng js2py - Remote Code Execution
CVSS 5.3
CVE-2024-3562 HIGH
Custom Field Suite <2.6.7 - Code Injection
CVSS 8.8
CVE-2024-36679 CRITICAL
Module Live Chat Pro <8.4.0 - Code Injection
CVSS 10.0
CVE-2024-32030 HIGH
Kafka UI < 0.7.2 - Remote Code Execution via JMX Deserialization
CVSS 8.1
CVE-2024-37124 CRITICAL
Ricoh Streamline NX PC Client - Code Injection
CVSS 9.8
CVE-2024-37821 HIGH
Dolibarr ERP CRM < 19.0.2 - Arbitrary File Upload and Remote Code Execution via Upload Template Function
CVSS 8.8
CVE-2024-36575 CRITICAL
getsetprop 1.1.0 - Remote Code Execution via Prototype Pollution
CVSS 9.8
CVE-2024-36581 HIGH
abw badger-database 1.2.1 - Remote Code Execution via Prototype Pollution
CVSS 7.6
CVE-2024-38396 CRITICAL
iTerm2 3.5.0-3.5.1 - Remote Code Execution via Window Title Escape Sequence
CVSS 9.8
CVE-2024-38458 HIGH
XenForo < 2.2.16 - Code Injection
CVSS 8.8
CVE-2024-38448 CRITICAL
htags in GNU Global <6.6.12 - Code Injection
CVSS 9.1
CVE-2024-38395 CRITICAL
iTerm2 3.5.0-3.5.1 - Remote Code Execution via Window Title Reporting
CVSS 9.8
CVE-2024-6006 LOW
ZKTeco ZKBio CVSecurity V5000 4.1.0 - Cross-Site Scripting via Summer Schedule Handler
CVSS 3.5
CVE-2024-6005 LOW
ZKTeco ZKBio CVSecurity V5000 4.1.0 - Cross-Site Scripting via Department Name
CVSS 3.5
CVE-2024-3105 CRITICAL
AdSense Ads <2.5.0 - Authenticated RCE
CVSS 9.9
CVE-2024-36598 HIGH
Aegon Life 1.0 - Remote Code Execution via Crafted Image File Upload
CVSS 8.1
CVE-2024-37885 LOW
Nextcloud Desktop < 3.12.0 - Code Injection via DYLD_INSERT_LIBRARIES
CVSS 3.8
CVE-2024-32925 HIGH
Android - Remote Code Execution via Missing Bounds Check in dhd_prot_txstatus_process
CVSS 8.8