Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-37849 CRITICAL

itsourcecode Billing System 1.0 - SQL Injection via Username Parameter

CVE-2024-1577 CRITICAL

MegaBIP <= 5.11.2 - Unauthenticated Remote Code Execution via PHP File Upload

CVE-2024-5834 HIGH

Google Chrome < 126.0.6478.54 - Remote Code Execution via Dawn Implementation

CVE-2024-34405 CRITICAL

McAfee Security: Antivirus VPN <8.3.0 - Open Redirect

CVE-2024-27857 HIGH

Apple iOS, macOS, tvOS, and visionOS - Remote Code Execution via Out-of-Bounds Access

CVE-2024-37014 CRITICAL

Langflow < 0.6.19 - Remote Code Execution via Custom Component Endpoint

CVE-2024-34761 HIGH

WPENGINE INC Advanced Custom Fields PRO <6.2.10 - Code Injection

CVE-2024-36531 MEDIUM

nukeviet and nukeviet-egov < 4.5.05 and < 1.2.02 - Remote Code Execution via Admin Extensions Upload

CVE-2024-3408 CRITICAL

CVE-2024-4889 HIGH

litellm < 1.44.16 - Code Injection via UI_LOGO_PATH and SAVE_CONFIG_TO_DB Environment Variables

CVE-2024-4194 MEDIUM

The Album & Image Gallery plus Lightbox <2.0 - RCE

CVE-2024-37273 CRITICAL

Jan v0.4.12 - Arbitrary File Upload via /v1/app/appendFileSync Interface

CVE-2024-25600 CRITICAL

Unauthenticated Remote Code Execution - Bricks <= 1.9.6

CVE-2024-37061 HIGH

MLflow >= 1.11.0 - Remote Code Execution via Malicious MLproject

CVE-2024-36568 CRITICAL

Sourcecodester Gas Agency Management System v1.0 - SQL Injection

CVE-2024-36120 HIGH

javascript-deobfuscator <1.1.0 - RCE

CVE-2024-5565 HIGH

Vanna - Remote Code Execution via Prompt Injection

CVE-2024-23692 CRITICAL KEV

Rejetto HTTP File Server - Template injection

CVE-2024-3924 MEDIUM

huggingface/text-generation-inference <= 2.0.0 - Remote Code Execution via GitHub Actions Workflow

CVE-2024-35226 HIGH

Smarty 3.0.0-4.5.2 and 5.0.0-5.1.0 - PHP Code Injection via Extends Tag Filename

CVE-2024-35581 MEDIUM

Sourcecodester Laboratory Management System 1.0 - Stored Cross-Site Scripting via Borrower Name Input

CVE-2024-23601 CRITICAL

AutomationDirect P3-550E 1.2.10.9 - Arbitrary Code Execution via Crafted scan_lib.bin

CVE-2024-28886 HIGH

UTAU < 0.4.19 - OS Command Injection via Crafted UST File

CVE-2024-5407 CRITICAL

RhinOS 3.0-1190 - Remote Code Execution via Search Parameter

CVE-2024-35339 CRITICAL

Tenda FH1206 V1.2.0.8(8155) - OS Command Injection via mac Parameter

Previous Page 111 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy