Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2023-6016 CRITICAL

H2O Dashboard POJO Model Import - Remote Code Execution

CVE-2023-47003 CRITICAL

RedisGraph 2.12.10 - Remote Code Execution and Denial of Service via DataBlock_ItemIsDeleted

CVE-2023-47444 HIGH

OpenCart 4.0.0.0-4.0.2.3 - Authenticated Remote Code Execution via Config File Injection

CVE-2023-48217 HIGH

Statamic < 3.4.14 and 4.0.0-4.34.0 - Unrestricted Upload of File with Dangerous Type

CVE-2023-36437 HIGH

Microsoft Azure DevOps Server - Remote Code Execution

CVE-2023-6131 HIGH

salesagility/suitecrm <7.14.2-8.4.2 - Code Injection

CVE-2023-6126 CRITICAL

salesagility/suitecrm <7.14.2-8.4.2 - Code Injection

CVE-2023-6125 HIGH

GitHub salesagility/suitecrm <7.14.2-8.4.2 - Code Injection

CVE-2023-45560 HIGH

memberscard 13.6.1 - Unauthenticated Code Injection via Channel Access Token Leakage

CVE-2023-36014 HIGH

Microsoft Edge Chromium < 119.0.2151.58 - Remote Code Execution

CVE-2023-5550 MEDIUM

moodle <3.9.24 and >=4.3.0-beta <4.3.0-rc2 - Remote Code Execution via Local File Include

CVE-2023-5540 MEDIUM

moodle < 3.9.24 and >= 4.0.0 < 4.3.0-rc2 - Authenticated Remote Code Execution in IMSCP Activity

CVE-2023-5539 MEDIUM

moodle < 3.9.24 and 4.0.0-4.2.0 - Authenticated Remote Code Execution in Lesson Activity

CVE-2023-47397 CRITICAL

webid <=1.2.2 - Authenticated Code Injection via admin/categoriestrans.php

CVE-2023-45849 CRITICAL

Helix Core < 2023.2 - Arbitrary Code Execution and Privilege Escalation

CVE-2023-46243 CRITICAL

XWiki 1.0-14.10.5 and 15.0-15.1 - Authenticated Remote Code Execution via Crafted Edit URL

CVE-2023-46242 CRITICAL

XWiki < 14.10.7 - Authenticated Cross-Site Request Forgery via Crafted URL

CVE-2023-46845 HIGH

EC-CUBE 3.0.0-3.0.18-p6, 4.0.0-4.0.6-p3, 4.1.0-4.1.2-p2, 4.2.0-4.2.2 - Authenticated RCE via Twig

CVE-2023-46731 CRITICAL

XWiki Platform < 14.10.14 - Unauthenticated Remote Code Execution via Section URL Parameter

CVE-2023-46980 CRITICAL

Best Courier Management System <1.0 - RCE

CVE-2023-46404 CRITICAL

utoronto/pcrs <= 3.11 - Remote Code Execution via Python Sandbox Escape

CVE-2023-46947 HIGH

Subrion 4.2.1 - Remote Code Execution

CVE-2023-36022 MEDIUM

Microsoft Edge Chromium < 118.0.2088.88 and < 119.0.2151.44 - Remote Code Execution

CVE-2023-46958 CRITICAL

lmxcms 1.41 - Remote Code Execution via admin.php

CVE-2023-20063 HIGH

Cisco Firepower 6.2.3 Authenticated RCE via Expert Mode Command Injection

Previous Page 126 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy