Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-24396 MEDIUM

Stimulsoft Dashboard.JS < 2024.1.2 - Remote Code Execution via Search Bar Component

CVE-2024-24469 HIGH

flusity-CMS 2.33 - Cross-Site Request Forgery to Code Execution via delete_post.php

CVE-2024-25089 CRITICAL

Malwarebytes Binisoft Windows Firewall Control <6.9.9.2 - RCE

CVE-2024-22533 CRITICAL

Before Beetl <3.15.12 - Code Injection

CVE-2024-23746 CRITICAL

Miro Desktop 0.8.18 - Local Code Injection via Electron App Bundle Manipulation

CVE-2024-22899 HIGH

Vinchin Backup & Recovery <7.2 - Authenticated RCE

CVE-2024-0325 LOW

Helix Sync < 2024.1 - Local Command Injection

CVE-2024-1117 HIGH

openBI < 1.0.8 - Remote Code Injection via Screen.php fileurl Parameter

CVE-2024-21649 HIGH

vantage6 < 4.2.0 - Authenticated Remote Code Execution via Algorithm Environment Variables

CVE-2024-1015 CRITICAL

SE-elektronic E-DDC3.3 Firmware 03.07.03 and higher - Remote Code Execution via Web Configuration

CVE-2024-23742 CRITICAL

Loom < 0.196.1 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments

CVE-2024-23741 CRITICAL

Hyper < 3.4.1 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments

CVE-2024-0755 HIGH

Firefox < 122, Firefox ESR < 115.7, Thunderbird < 115.7 - Memory Corruption and Remote Code Execution

CVE-2024-23208 HIGH

iPadOS < 17.3 - Remote Code Execution with Kernel Privileges

CVE-2024-23750 HIGH

MetaGPT <= 0.6.4 - Remote Code Execution via QaEngineer Role

CVE-2024-0521 HIGH

Paddlepaddle paddle - Code Injection

CVE-2024-0738 MEDIUM

mldong 1.0 - Remote Code Injection in DecisionModel ExpressionEngine

CVE-2024-21674 HIGH

Confluence Data Center and Server 7.19.0-7.19.17 - Unauthenticated Remote Code Execution

CVE-2024-21673 HIGH

Confluence Data Center and Server 7.19.0-7.19.17 - Authenticated Remote Code Execution

CVE-2024-21672 HIGH

Confluence Data Center and Server 7.19.0-7.19.17 and 8.5.0-8.5.4 - Unauthenticated Remote Code Execution

CVE-2024-0252 HIGH

ManageEngine ADSelfService Plus <= 6401 - Authenticated Remote Code Execution in Load Balancer Component

CVE-2024-21643 HIGH

Microsoft IdentityModel Extensions < 6.34.0 - Remote Code Execution via SignedHttpRequest Protocol

CVE-2024-21737 HIGH

SAP Application Interface Framework File Adapter 702 - Authenticated OS Command Injection

CVE-2024-21646 CRITICAL

Azure uAMQP < 2024-01-01 - Remote Code Execution via Crafted Binary Type Data

CVE-2024-21650 CRITICAL

XWiki < 4.10.20 - Remote code execution

Previous Page 119 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy