CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2024-32491 CRITICAL
Znuny <6.5.7, 7.0.16 - Path Traversal
CVSS 9.8
CVE-2024-31621 HIGH
Flowise < 1.6.5 - Remote Code Execution via API v1 Component
CVSS 7.6
CVE-2024-32404 MEDIUM
inducer relate < 2024.1 - Server-Side Template Injection via Markup Sandbox Feature
CVSS 6.0
CVE-2024-22633 CRITICAL
Setor Informatica S.I.L. 388 - Remote Code Execution via hprinter Parameter
CVSS 9.8
CVE-2024-22632 CRITICAL
Setor Informatica S.I.L. 388 - Remote Code Execution via hmsg Parameter
CVSS 9.8
CVE-2024-32358 HIGH
Jpress 5.1.0 - Remote Code Execution via Custom Plugin Module
CVSS 7.5
CVE-2024-25624 MEDIUM
IRIS <2.4.6 - Authenticated Remote Code Execution via Report Template SSTI
CVSS 6.8
CVE-2024-31266 CRITICAL
AlgolPlus Advanced Order Export For WooCommerce <3.4.4 - Code Injec...
CVSS 9.1
CVE-2024-22144 CRITICAL
Eli Scheetz Anti-Malware Security and Brute-Force Firewall <4.21.96...
CVSS 9.0
CVE-2024-20359 MEDIUM KEV
Cisco ASA/FTD - Privilege Escalation
CVSS 6.0
CVE-2024-21511 CRITICAL
mysql2 < 3.9.7 - Arbitrary Code Injection via Timezone Parameter
CVSS 9.8
CVE-2024-4040 CRITICAL KEV
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
CVSS 9.8
CVE-2024-31666 CRITICAL
flusity-CMS 2.33 - Remote Code Execution via edit_addon_post.php
CVSS 9.8
CVE-2024-28699 HIGH
pdf2json v0.70 - Buffer Overflow via GString::copy() and ImgOutputDev::ImgOutputDev
CVSS 7.8
CVE-2024-29991 MEDIUM
Microsoft Edge Chromium < 124.0.2478.51 - Security Feature Bypass
CVSS 5.0
CVE-2024-30923 CRITICAL
derbynet < 9.0 - Remote Code Execution via SQL Injection in Racer Document Rendering
CVSS 9.8
CVE-2024-32599 CRITICAL
WP Dummy Content Generator <3.2.1 - Code Injection
CVSS 10.0
CVE-2024-3931 LOW
Totara LMS < 13.46 - Cross-Site Scripting via User Selector ID Number Parameter
CVSS 3.5
CVE-2024-3660 CRITICAL
Keras < 2.13.1 - Arbitrary Code Injection via Model Loading
CVSS 9.8
CVE-2024-30567 MEDIUM
JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 - RCE
CVSS 6.3
CVE-2024-31648 MEDIUM
Insurance Management System v1.0 - XSS
CVSS 6.1
CVE-2024-3786 MEDIUM
WBSAirback 21.02.04 - Remote Code Execution via Device Synchronization SSI Injection
CVSS 6.6
CVE-2024-3785 MEDIUM
WBSAirback 21.02.04 - Remote Code Execution via Device NAS Shared Section
CVSS 6.6
CVE-2024-3784 MEDIUM
WBSAirback 21.02.04 - Remote Code Execution via S3 Accounts SSI Injection
CVSS 6.6
CVE-2024-30845 MEDIUM
Rainbow external link network disk 5.5 - Remote Code Execution via Input Parameter Validation Component
CVSS 6.1