Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2023-26785 CRITICAL

MariaDB 10.5 - Remote Code Execution via UDF Shared Object File

CVE-2023-31493 MEDIUM

ZoneMinder <= 1.36.33 - Remote Code Execution via Log File Creation

CVE-2023-39333 MEDIUM

Node.js < 18.18.2, 20.x < 20.8.1 - JavaScript Code Injection via WebAssembly Export Names

CVE-2023-26324 HIGH

Xiaomi GetApps 30.6.0.2 - Verification Bypass Code Execution

CVE-2023-26322 HIGH

Xiaomi GetApps 31.2.5.0 to 32.0.0.1 - Verification Bypass Code Execution

CVE-2023-50810 MEDIUM

Sonos PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, Amp < S1 11.12/S2 15.9 - Persistent Code Injection via U-Boot setenv

CVE-2023-31315 HIGH

AMD Processors Model Specific Register - SMM Configuration Code Execution

CVE-2023-33206 MEDIUM

Diebold Nixdorf VSS <4.3.0 - Info Disclosure

CVE-2023-26877 MEDIUM

Softexpert Excellence Suite <2.1 - RCE

CVE-2023-50029 CRITICAL

PrestaAddons m4pdf <3.3.2 - Code Injection

CVE-2023-45673 HIGH

Joplin < 2.13.3 - Remote Code Execution via PDF Link Click in Note Viewer

CVE-2023-6743 HIGH

Unlimited Elements For Elementor < 1.5.89 - Authenticated Remote Code Execution via Template Import

CVE-2023-23645 CRITICAL

MainWP Code Snippets Extension <= 4.0.2 - Authenticated PHP Code Injection

CVE-2023-48643 CRITICAL

Shrubbery tac_plus 2.x-4.x through F4.0.4.28 - Remote Command Execution via TACACS+ Packet Injection

CVE-2023-35701 MEDIUM

Apache Hive 4.0.0-alpha-1 - Remote Code Execution via Malicious JDBC URL

CVE-2023-39469 HIGH

PaperCut MF and NG < 22.1.1 - Authenticated Remote Code Execution via External User Lookup

CVE-2023-51797 MEDIUM

Ffmpeg <N113007-g8d24a28d06 - Buffer Overflow

CVE-2023-50260 HIGH

Wazuh 4.2.0-4.7.1 - Authenticated Remote Code Execution via host_deny Active Response Script

CVE-2023-6494 MEDIUM

WPC Smart Quick View for WooCommerce <4.0.2 - XSS

CVE-2023-44857 HIGH

Cobham SAILOR VSAT Ku Firmware 164B019 - Remote Code Execution via Crafted Script to acu_web sub_21D24 Function

CVE-2023-44853 MEDIUM

Cobham SAILOR VSAT Ku v.164B019 - Remote Code Execution via Crafted Script to sub_219C4 Function

CVE-2023-47542 MEDIUM

FortiManager <7.4.1, <7.2.4, <7.0.10 - Code Injection

CVE-2023-45590 CRITICAL

FortiClientLinux 7.2.0, 7.0.6-7.0.10, 7.0.3-7.0.4 - Remote Code Execution via Malicious Website

CVE-2023-36645 CRITICAL

ITB-GmbH TradePro <9.5 - SQL Injection

CVE-2023-41724 HIGH

Ivanti Standalone Sentry < 9.19.0 - Unauthenticated Remote Code Execution

Previous Page 121 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy