Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2023-41503 CRITICAL

Student Enrollment In PHP v1.0 - SQL Injection

CVE-2023-51801 CRITICAL

Simple Student Attendance System <1.0 - RCE

CVE-2023-50379 HIGH

Apache Ambari < 2.7.8 - Authenticated Code Injection

CVE-2023-24333 HIGH

Tenda AC21 <US_AC21V1.0re_V16.03.08.15_cn_TDC01 - Memory Corruption

CVE-2023-51770 HIGH

Apache DolphinScheduler <3.2.1 - Info Disclosure

CVE-2023-49109 CRITICAL

Apache DolphinScheduler <3.2.1 - RCE

CVE-2023-52381 CRITICAL

Huawei EMUI and HarmonyOS - Script Injection in Email Module

CVE-2023-50808 MEDIUM

Zimbra Collaboration < 9.0.0 - DOM-based Cross-Site Scripting in Modern UI

CVE-2023-42374 CRITICAL

Sui < 1.6.3 - Remote Code Execution and Denial of Service via Crafted Compressed Script

CVE-2023-45735 HIGH

Westermo Lynx L206-F2G Firmware - Remote Code Execution

CVE-2023-6996 HIGH

Post and User Profile Fields <= 1.2.1 - Authenticated Code Injection via vg_display_data Shortcode

CVE-2023-6846 HIGH

File Manager Pro < 8.3.4 - Authenticated Arbitrary File Upload via mk_check_filemanager_php_syntax AJAX Function

CVE-2023-5800 MEDIUM

AXIS OS < 11.8.61, 2020 < 9.80.55, 2022 < 10.12.220 - Authenticated RCE via VAPIX API

CVE-2023-5677 MEDIUM

AXIS Camera Firmware < 5.51.7.7 - Authenticated Remote Code Execution via VAPIX API tcptest.cgi

CVE-2023-51820 MEDIUM

Blurams Lumi Security Camera <2.3.38.12558 - RCE

CVE-2023-50488 CRITICAL

Blurams Lumi Security Camera A31C Firmware 23.0406.435.4120 - Remote Code Execution

CVE-2023-47257 HIGH

ConnectWise ScreenConnect < 23.8.5 - Remote Code Execution via Man-in-the-Middle Attack

CVE-2023-37518 MEDIUM

HCL BigFix ServiceNow Data Flow < 1.3 - Authenticated Code Injection

CVE-2023-52251 HIGH

Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.

CVE-2023-24676 HIGH

ProcessWire 3.0.210 - Authenticated Remote Code Execution via Module Installation

CVE-2023-31037 HIGH

NVIDIA Bluefield 2-Bluefield 3 DPU BMC - Code Injection

CVE-2023-36177 CRITICAL

badaix snapcast < 0.27.0 - Remote Code Execution via JSON-RPC-API

CVE-2023-50447 HIGH

Pillow < 10.1.0 - Remote Code Execution via PIL.ImageMath.eval Environment Parameter

CVE-2023-6548 MEDIUM KEV

NetScaler ADC & NetScaler Gateway - Code Injection

CVE-2023-22514 HIGH

Atlassian Sourcetree 3.4.0-3.4.14 and 4.1.0-4.2.4 - Unauthenticated Remote Code Execution

Previous Page 122 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy