CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2024-25376 HIGH
Thesycon Software Solutions GmbH & Co. KG TUSBAudio <5.68.0 - RCE
CVSS 7.8
CVE-2024-22722 HIGH
Form Tools 3.1.1 - Command Injection
CVSS 7.2
CVE-2024-29399 HIGH
GNU Savane < 3.13 - Remote Code Execution via upload.php
CVSS 7.6
CVE-2024-30878 MEDIUM
RageFrame2 2.6.43 - Stored Cross-Site Scripting via Upload Drive Parameter
CVSS 6.1
CVE-2024-21508 CRITICAL
mysql2 < 3.9.4 - Remote Code Execution via readCodeFor Function
CVSS 9.8
CVE-2024-29937 CRITICAL
OpenBSD and FreeBSD NFS - Remote Code Execution
CVSS 9.8
CVE-2024-31996 CRITICAL
XWiki Platform <4.10.19, <15.5.4, <15.10-rc-1 - RCE
CVSS 10.0
CVE-2024-26362 HIGH
Enpass Password Manager 6.9.2 - HTML Injection via Crafted Note
CVSS 8.8
CVE-2024-31984 CRITICAL
XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31982 CRITICAL
XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE
CVSS 10.0
CVE-2024-31819 CRITICAL
WWBN AVideo 12.4-14.2 - Remote Code Execution via systemRootPath Parameter
CVSS 9.8
CVE-2024-31465 CRITICAL
XWiki 5.0-rc-1-14.10.19 - Authenticated Remote Code Execution via XWiki.SearchSuggestSourceClass Object Injection
CVSS 9.9
CVE-2024-29500 CRITICAL
Secure Lockdown Multi Application Edition <2.00.219 - RCE
CVSS 9.8
CVE-2024-3098 CRITICAL
llama-index-core < 0.10.24 - Remote Code Execution via safe_eval Function
CVSS 9.8
CVE-2024-2195 CRITICAL
Aim >=3.0.0 - Remote Code Execution via run_search_api Query Parameter
CVSS 9.8
CVE-2024-27476 MEDIUM
Leantime 3.0.6 - HTML Injection via New Ticket Dashboard
CVSS 4.7
CVE-2024-31864 CRITICAL
Apache Zeppelin <0.11.1 - Code Injection
CVSS 9.8
CVE-2024-31807 CRITICAL
TOTOLINK EX200 V4.0.3c.7646_B20201211 - RCE
CVSS 9.8
CVE-2024-31022 CRITICAL
CandyCMS 1.0.0 - Unauthenticated Remote Code Execution via install.php
CVSS 9.8
CVE-2024-25706 MEDIUM
Esri Portal for ArcGIS < 11.0 - Unauthenticated HTML Injection via Crafted URL
CVSS 6.1
CVE-2024-30565 HIGH
SeaCMS 12.9 - Remote Code Execution via admin notify.php
CVSS 8.8
CVE-2024-27705 HIGH
Leantime 3.0.6 - Stored Cross-Site Scripting via PDF File Upload
CVSS 7.6
CVE-2024-30568 CRITICAL
Netgear R6850 1.1.0.88 - OS Command Injection via c4-IPAddr Parameter
CVSS 9.8
CVE-2024-25096 CRITICAL
Canto < 3.0.7 - Unauthenticated Remote Code Execution
CVSS 10.0
CVE-2024-24707 CRITICAL
Cwicly < 1.4.0.2 - Remote Code Execution
CVSS 9.9
Details
Vulnerabilities 6,507
Exploit Likelihood Medium