Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2023-7148 MEDIUM

ShifuML shifu 0.12.0 - Code Injection via FilterExpression in DataPurifier

CVE-2023-46987 HIGH

SeaCMS v12.9 - Remote Code Execution via adminip.php Component

CVE-2023-49001 CRITICAL

Indi Browser <12.11.23 - Auth Bypass

CVE-2023-49000 CRITICAL

ArtistScope ArtisBrowser <34.1.5 - Auth Bypass

CVE-2023-47883 CRITICAL

vladymix/tv_browser < 4.5.1 - JavaScript Code Execution via Exposed MainActivity

CVE-2023-43955 CRITICAL

TV Bro <=2.0.0 - Code Execution via WebView External Intents

CVE-2023-43481 CRITICAL

Shenzhen TCL Browser TV Web BrowseHere <6.65.022 - XSS

CVE-2023-7101 HIGH KEV

Spreadsheet::ParseExcel < 0.65 - Remote Code Execution via Number Format String Eval

CVE-2023-51387 HIGH

Hertzbeat <1.4.1 - Command Injection

CVE-2023-51018 CRITICAL

TOTOlink EX1800T <9.1.0cu.2112_B20220316 - Command Injection

CVE-2023-51015 CRITICAL

TOTOLINX EX1800T <9.1.0cu.2112_B20220316 - Command Injection

CVE-2023-51026 CRITICAL

TOTOlink EX1800T V9.1.0cu.2112_B20220316 - Command Injection

CVE-2023-49391 HIGH

free5gc 3.3.0 - Remote Code Execution and Denial of Service via NGAP Message

CVE-2023-7035 LOW

Automad < 1.10.9 - Stored Cross-Site Scripting via Sitename Parameter

CVE-2023-49032 CRITICAL

LTB Self Service Password <1.5.4 - RCE

CVE-2023-49004 CRITICAL

D-Link DIR-850L B1_FW223WWb01 en Parameter - Remote Code Execution

CVE-2023-6691 HIGH

Cambium ePMP Force 300-25 4.7.0.1 - Remote Code Execution

CVE-2023-32728 MEDIUM

Zabbix Agent2 5.0.0-5.0.37 - Remote Code Execution via smart.disk.get Item Key

CVE-2023-6899 MEDIUM

rmountjoy92 DashMachine 0.5-4 - Code Injection via Config Handler value_template

CVE-2023-6886 MEDIUM

wangmarket 6.1 - Code Injection in Role Management Page

CVE-2023-6851 MEDIUM

KodExplorer < 4.52.01 - Remote Code Injection in ZIP Archive Handler

CVE-2023-50723 CRITICAL

XWiki Platform 2.3-14.10.5 - Authenticated Remote Code Execution via Administration Interface

CVE-2023-50721 CRITICAL

XWiki Platform 4.5-14.10.5 - Remote Code Execution via Search UI Extension Injection

CVE-2023-6051 MEDIUM

GitLab CE/EE <16.4.4, <16.5.4, <16.6.2 - Info Disclosure

CVE-2023-5512 MEDIUM

GitLab 16.3-16.4.3, 16.5-16.5.3, 16.6-16.6.1 - File Integrity Compromise via HTML-Encoded Filenames

Previous Page 124 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy