CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2023-6395 MEDIUM
Mock - Privilege Escalation
CVSS 6.7
CVE-2023-22526 HIGH
Confluence Data Center 7.19.0-7.19.16 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2023-51282 HIGH
mingSoft MCMS <5.2.4 - Info Disclosure
CVSS 7.5
CVE-2023-43449 HIGH
HummerRisk <1.4.1 - Authenticated RCE
CVSS 8.8
CVE-2023-46226 CRITICAL
Apache IoTDB 1.0.0-1.2.2 - Remote Code Execution
CVSS 9.8
CVE-2023-51066 HIGH
QStar Archive Storage Manager RELEASE_3-0 Build 7 Patch 0 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2023-33472 HIGH
Scada-LTS <2.7.5.2 - Privilege Escalation
CVSS 8.8
CVE-2023-42833 HIGH
Safari < 17.0 - Remote Code Execution
CVSS 8.8
CVE-2023-32383 HIGH
macOS < 11.7.7 - Code Injection via Affected Binaries
CVSS 7.8
CVE-2023-7224 HIGH
OpenVPN Connect 3.0-3.4.6 - Local Code Execution via DYLD_INSERT_LIBRARIES
CVSS 7.8
CVE-2023-6540 MEDIUM
Lenovo Browser Mobile/HD - Info Disclosure
CVSS 6.5
CVE-2023-51784 CRITICAL
Apache InLong <1.10.0 - Code Injection
CVSS 9.8
CVE-2023-41783 MEDIUM
ZTE ZXCLOUD iRAI < 7.23.32 - Command Injection
CVSS 4.3
CVE-2023-39157 CRITICAL
Crocoblock JetElements For Elementor <2.6.10 - Code Injection
CVSS 9.0
CVE-2023-41544 CRITICAL
jeecg-boot < 3.5.3 - Remote Code Execution via SSTI in /jmreport/loadTableData
CVSS 9.8
CVE-2023-51420 CRITICAL
Verge3D Publishing and E-Commerce <4.5.2 - Code Injection
CVSS 9.1
CVE-2023-49830 CRITICAL
Astra Pro < 4.3.1 - Remote Code Execution
CVSS 9.9
CVE-2023-47840 CRITICAL
Qode Essential Addons < 1.5.2 - Arbitrary Plugin Installation and Activation
CVSS 9.9
CVE-2023-46623 CRITICAL
TienCOP WP EXtra <6.2 - Code Injection
CVSS 9.9
CVE-2023-45751 CRITICAL
POSIMYTH Nexter Extension <= 2.0.3 - Remote Code Execution
CVSS 9.1
CVE-2023-40606 CRITICAL
Kanban for WordPress <2.5.21 - Code Injection
CVSS 9.1
CVE-2023-32095 CRITICAL
Rename Media Files < 1.0.1 - Remote Code Execution
CVSS 9.9
CVE-2023-25054 CRITICAL
RSVPMaker < 10.6.6 - Remote Code Execution
CVSS 10.0
CVE-2023-22677 HIGH
WP Booklet < 2.1.8 - Remote Code Execution
CVSS 8.5
CVE-2023-31296 MEDIUM
Sesami CPTO <6.3.8.6 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities 6,507
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits