Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,510 vulnerabilities with CWE-94

CVE-2023-26145 HIGH

pydash < 6.0.0 - OS Command Injection via Deep Path String Manipulation

CVE-2023-38877 HIGH

gugoan's Economizzer <0.9-beta1 - Host Header Injection

CVE-2023-41450 HIGH

phpkobo AjaxNewsTicker 1.0.5 - Remote Code Execution via reque Parameter

CVE-2023-41444 HIGH

Binalyze IREC < 3.11.0 - Local Privilege Escalation via IREC.sys Driver

CVE-2023-43651 HIGH

JumpServer <2.28.20 and <3.7.1 - Authenticated Code Execution via MongoDB Session

CVE-2023-5221 MEDIUM

ForU CMS - Remote Code Injection via db_name Parameter in Install Script

CVE-2023-43234 CRITICAL

DedeBIZ v6.2.11 - Remote Code Execution via file_manage_control.php Parameters

CVE-2023-43222 CRITICAL

SeaCMS < 12.8 - Arbitrary Code Write via admin_ping.php

CVE-2023-41984 HIGH

iPadOS < 16.7 - Remote Code Execution

CVE-2023-0626 HIGH

Docker Desktop < 4.12.0 - Remote Code Execution via Message-Box Route Query Parameters

CVE-2023-0625 HIGH

Docker Desktop < 4.12.0 - Remote Code Execution via Extension Description or Changelog

CVE-2023-43270 CRITICAL

dst-admin 1.5.0 - Remote Code Execution via userId Parameter

CVE-2023-4291 CRITICAL

Frauscher Sensortechnik GmbH FDS101 - RCE

CVE-2023-0462 HIGH

Foreman < 3.8.0 - Authenticated Remote Code Execution via YAML Global Parameter Injection

CVE-2023-22513 HIGH

Bitbucket Data Center and Server 8.0.0-8.9.4 - Authenticated Remote Code Execution

CVE-2023-41179 HIGH KEV

Trend Micro Apex One - Command Injection

CVE-2023-40221 HIGH

Socomec Modulys GP Firmware - Stored Cross-Site Scripting via MAIL_RCV Parameter

CVE-2023-34195 HIGH

Insyde InsydeH2O 5.2-5.2.05.28.22 - Arbitrary Code Execution via GetImageProgress UEFI Variable

CVE-2023-34999 HIGH

RTS VLink Virtual Matrix v5 < 5.7.6 and v6 < 6.5.0 - Remote Code Execution via Admin Web Interface

CVE-2023-4994 CRITICAL

Allow PHP in Posts and Pages <= 3.0.4 - Authenticated Remote Code Execution via PHP Shortcode

CVE-2023-4977 MEDIUM

librenms < 23.9.0 - Code Injection

CVE-2023-41892 CRITICAL

Craft CMS unauthenticated Remote Code Execution (RCE)

CVE-2023-40621 MEDIUM

SAP PowerDesigner Client -16.7 - Code Injection

CVE-2023-42471 CRITICAL

wave.ai.browser < 1.0.35 - Remote Code Execution via Crafted Intent

CVE-2023-42470 CRITICAL

Imou Life < 6.8.0 - Remote Code Execution via Exported MainActivity Component

Previous Page 129 of 261 Next

Details

Vulnerabilities 6,510

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy