Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-0196 MEDIUM

magic-api < 2.0.1 - Remote Code Execution via /resource/file/api/save Endpoint

CVE-2024-0195 MEDIUM

spider-flow 0.4.3 - Remote Code Execution via FunctionService.saveFunction

CVE-2023-54345 HIGH

Frappe Framework ERPNext 13.4.0 Remote Code Execution

CVE-2023-31044 LOW

Nokia Impact <Mobile 23_FP1 - Code Injection

CVE-2023-53940 HIGH

Codigo Markdown Editor 1.0.1 - Code Injection

CVE-2023-53888 HIGH

Zomplog 3.9 - Remote Code Execution

CVE-2023-53883 HIGH

Webedition CMS <2.9.8.8 - Authenticated RCE

CVE-2023-47030 CRITICAL

NCR Terminal Handler 1.5.1 - Remote Code Execution via UserService SOAP API Endpoint

CVE-2023-47032 CRITICAL

NCR Terminal Handler 1.5.1 - Remote Code Execution via UserService SOAP API

CVE-2023-48978 CRITICAL

NCR ITM Web Terminal 4.4.0 and 4.4.4 - Remote Code Execution via IP Camera URL Component

CVE-2023-7303 LOW

q2apro q2apro-on-site-notifications <1.4.6 - XSS

CVE-2023-42404 MEDIUM

OneVision Workspace < WS23.1 SR1 - Remote Code Execution via Java EL Injection

CVE-2023-43958 CRITICAL

Hospital Management System <4.0 - RCE

CVE-2023-42875 HIGH

Safari < 17.0 - Remote Code Execution via Web Content Processing

CVE-2023-51331 MEDIUM

PHPJabbers Cleaning Business Software v1.0 - Code Injection

CVE-2023-51324 MEDIUM

PHPJabbers Shared Asset Booking System v1.0 - Code Injection

CVE-2023-51320 MEDIUM

PHPJabbers Night Club Booking Software v1.0 - Code Injection

CVE-2023-51317 MEDIUM

PHPJabbers Restaurant Booking System <3.0 - XSS

CVE-2023-51313 HIGH

PHPJabbers Restaurant Booking System v3.0 - Code Injection

CVE-2023-28354 CRITICAL

Opsview Monitor Agent 6.8 - Unauthenticated Remote Code Execution via NRPE Plugin Command Injection

CVE-2023-6604 MEDIUM

FFmpeg 2.0-6.0 - Denial of Service via XBIN Demuxer

CVE-2023-6601 MEDIUM

FFmpeg HLS Demuxer - Unsafe Extension Check Bypass

CVE-2023-34990 CRITICAL

Fortinet FortiWLM 8.5.0-8.5.4 and 8.6.0-8.6.5 - Relative Path Traversal and Code Execution via Web Requests

CVE-2023-43091 CRITICAL

GNOME Maps 43.0-43.6 - Code Injection via service.json Configuration File

CVE-2023-39593 MEDIUM

MariaDB - Authenticated Command Injection via sys_exec Function

Previous Page 120 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy