Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-4039 MEDIUM

The Orders Tracking for WooCommerce <1.2.11 - RCE

CVE-2024-4038 MEDIUM

WooCommerce Waitlist Pro <5.3.1 - RCE

CVE-2024-3788 MEDIUM

WBSAirback 21.02.04 - Remote Code Execution via License Endpoint SSI Injection

CVE-2024-3787 MEDIUM

WBSAirback 21.02.04 - Remote Code Execution via S3 Disk Server-Side Include Injection

CVE-2024-34225 MEDIUM

Computer Laboratory Management System <1.0 - XSS

CVE-2024-29513 HIGH

BlueRiSC WindowsSCOPE Cyber Forensics <3.3 - RCE, DoS

CVE-2024-27793 HIGH

iTunes for Windows < 12.13.2 - Remote Code Execution via File Parsing

CVE-2024-4135 MEDIUM

WP Latest Posts <= 5.0.7 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-29209 MEDIUM

KnowBe4 Phish Alert Button for Outlook 1.10.0-1.10.11 - Remote Code Execution via Unauthenticated Update Mechanism

CVE-2024-30973 HIGH

V-SOL G/EPON ONU HG323AC-B V2.0.08-210715 - RCE

CVE-2024-33294 CRITICAL

PHP/MySQL Library System V1.0 - Remote Code Execution via _FAILE Variable

CVE-2024-34461 CRITICAL

Zenario <9.5.60437 - Code Injection

CVE-2024-33394 MEDIUM

kubevirt < 1.2.0 - Remote Code Execution via Token Component

CVE-2024-3957 MEDIUM

Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

CVE-2024-3734 MEDIUM

FOX - Currency Switcher Professional for WooCommerce <1.4.1.8 - RCE

CVE-2024-29309 HIGH

Alfresco Content Services <23.3.0.7 - RCE

CVE-2024-3955 CRITICAL

Pypi Cbpi4 < 4.4.1.a1 - Code Injection

CVE-2024-33430 HIGH

phiola v2.0-rc22 - Remote Code Execution via Crafted WAV File

CVE-2024-33442 MEDIUM

flusity-CMS 2.33 - Remote Code Execution via add_post.php

CVE-2024-28893 HIGH

HP SoftPaqs - Arbitrary Code Execution via Modified Configuration File

CVE-2024-33443 HIGH

onethink 1.1 - Remote Code Execution via AddonsController.class.php

CVE-2024-31823 HIGH

Ecommerce-CodeIgniter-Bootstrap - Remote Code Execution via Publish.php removeSecondaryImage Method

CVE-2024-31822 CRITICAL

Ecommerce-CodeIgniter-Bootstrap <d22b54e - RCE

CVE-2024-33445 CRITICAL

hisiphp 2.0.111 - Remote Code Execution via SystemPlugins::mkInfo Parameter

CVE-2024-32492 HIGH

Znuny 7.0.1-7.0.16 - Stored Cross-Site Scripting in Customer Ticket Detail View

Previous Page 113 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy