CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2024-31390 (CRITICAL, CVSS 9.9): Soflyy Breakdance <1.7.2 - Code Injection
CVE-2024-31380 (CRITICAL, CVSS 9.9): Soflyy Oxygen Builder <4.9 - Code Injection
CVE-2024-29477 (HIGH, CVSS 8.8): Dolibarr ERP CRM <19.0.0 - Code Injection
CVE-2024-27972 (CRITICAL, CVSS 9.9): Very Good Plugins WP Fusion Lite <3.41.24 - Command Injection
CVE-2024-27191 (HIGH, CVSS 8.5): Inperstton Slivery Extender <1.0.2 - Code Injection
CVE-2024-25918 (CRITICAL, CVSS 9.9): InstaWP Connect <= 0.1.0.8 - Remote Code Execution
CVE-2024-31011 (CRITICAL, CVSS 9.8): beescms 4.0 - Remote Code Execution via Arbitrary File Write in admin_template.php
CVE-2024-31005 (HIGH, CVSS 8.1): Bento4 1.6.0-641 - Remote Code Execution via AP4_MdhdAtom Constructor
CVE-2024-31004 (CRITICAL, CVSS 9.8): Bento4 1.6.0-641 - Remote Code Execution via Ap4StsdAtom.cpp
CVE-2024-31003 (HIGH, CVSS 8.8): Bento4 1.6.0-641 - Remote Code Execution via AP4_MemoryByteStream::WritePartial
CVE-2024-29276 (CRITICAL, CVSS 9.8): seeyonOA <8 - Remote Code Execution
CVE-2024-30858 (CRITICAL, CVSS 9.8): netentsec ns-asg_firmware 6.3 - SQL Injection via /admin/edit_fire_wall.php
CVE-2024-30868 (CRITICAL, CVSS 9.8): netentsec NS-ASG 6.3 - SQL Injection via /admin/add_getlogin.php
CVE-2024-31032 (CRITICAL, CVSS 9.8): Huashi Private Cloud CDN Live Streaming Acceleration Server <1.1.2 ...
CVE-2024-29202 (CRITICAL, CVSS 9.9): JumpServer <3.10.7 - Code Injection
CVE-2024-29201 (CRITICAL, CVSS 9.9): JumpServer <3.10.7 - Command Injection
CVE-2024-23727 (HIGH, CVSS 8.4): com.kamivision.yismart <1.0.0_20231219 - XSS
CVE-2024-28005 (MEDIUM, CVSS 4.7): NEC Aterm Firmware - Authenticated Remote Code Execution
CVE-2024-2097 (HIGH, CVSS 7.5): Hitachi Energy MACH SCM < 4.38.3 - Authenticated LINQ Code Execution
CVE-2024-0400 (HIGH, CVSS 7.5): Hitachi Energy MACH SCM < 4.38 - Authenticated LINQ Code Execution
CVE-2024-2209 (MEDIUM, CVSS 6.3): HP Printer Firmware < 2349b - Authenticated DLL Hijacking via Firmware Update Utility
CVE-2024-0866 (HIGH, CVSS 8.1): WordPress <1.0.9 - Unauthenticated Hook Injection
CVE-2024-30202 (HIGH, CVSS 7.8): Emacs < 29.3 and Org Mode < 9.6.23 - Arbitrary Lisp Code Execution via Org Mode Activation
CVE-2024-28386 (CRITICAL, CVSS 9.8): fastmag_sync < 1.7.51 - Remote Code Execution via getPhpBin() Component
CVE-2024-23755 (HIGH, CVSS 8.8): ClickUp Desktop < 3.3.77 - Code Injection via Electron Fuses