Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-28593 MEDIUM

Moodle 4.3.3 - Unauthenticated HTML Injection in Chat Activity

CVE-2024-28119 HIGH

Grav < 1.7.45 - Authenticated Remote Code Execution via Twig Escape Function Redefinition

CVE-2024-28118 HIGH

Grav < 1.7.45 - Authenticated Remote Code Execution via Twig Extension Config Redefinition

CVE-2024-28117 HIGH

Grav < 1.7.45 - Authenticated Remote Code Execution via Twig Function Bypass

CVE-2024-28116 HIGH

Grav < 1.7.45 - Authenticated Server-Side Template Injection

CVE-2024-22724 MEDIUM

osCommerce v4 - Unauthenticated Remote Code Execution via Administrator Profile Photo Upload

CVE-2024-2016 MEDIUM

ZhiCms 4.0 - Remote Code Injection via sitename Argument in setcontroller.php

CVE-2024-25359 MEDIUM

Zuoxingdong Lagom <0.1.2 - Code Injection

CVE-2024-24520 HIGH

Lepton CMS 7.0.0 - Remote Code Execution via Upgrade.php Language Parameter

CVE-2024-28396 HIGH

MyPrestaModules orders_csv_excel_export_pro < 6.0.2 - Remote Code Execution via download.php

CVE-2024-2610 MEDIUM

Firefox <124, Firefox ESR <115.9, Thunderbird <115.9 - Info Disclosure

CVE-2024-24230 HIGH

Komm.One CMS 10.4.2.14 - Remote Code Execution via Velocity Template Injection

CVE-2024-28848 HIGH

OpenMetadata < 1.2.4 - Authenticated Remote Code Execution via SpEL Expression Injection

CVE-2024-28847 HIGH

OpenMetadata < 1.2.4 - Remote Code Execution via SpEL Expression Injection in Event Subscription

CVE-2024-28253 CRITICAL

OpenMetaData - SpEL Injection in PUT /api/v1/policies

CVE-2024-2497 MEDIUM

RaspAP raspap-webgui 3.0.9 - Code Injection

CVE-2024-27756 HIGH

GLPI < 10.0.12 - CSV Injection via Asset Title

CVE-2024-28424 HIGH

zenml 0.55.4 - Remote Code Execution via Cloudpickle Materializer File Upload

CVE-2024-23278 HIGH

iPadOS < 16.7.6 - Sandbox Escape via Code Injection

CVE-2024-0917 CRITICAL

paddlepaddle 2.6.0 - Remote Code Execution

CVE-2024-24278 HIGH

Teamwire 2.0.1-2.4.0 - Remote Code Execution via Crafted Message Payload

CVE-2024-27627 MEDIUM

SuperCali 1.1.0 - Reflected Cross-Site Scripting via Email Parameter

CVE-2024-27622 HIGH

CMS Made Simple <2.2.19/2.2.21 - RCE

CVE-2024-22188 HIGH

TYPO3 < 8.7.57 - Authenticated Command Injection via Install Tool Form Fields

CVE-2024-25293 CRITICAL

mjml_app 3.0.4 and 3.1.0-beta - Remote Code Execution via Href Attribute

Previous Page 117 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy