CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,510 vulnerabilities with CWE-94
CVE-2023-39320 CRITICAL
Go < 1.21.1 - Code Injection
CVSS 9.8
CVE-2023-39956 MEDIUM
Electron < 22.3.9 - Code Injection via Attacker-Controlled Working Directory
CVSS 6.1
CVE-2023-41319 HIGH
Fides 2.11.0-2.19.0 - Authenticated Remote Code Execution via Custom Connector Function Sandbox Bypass
CVSS 8.8
CVE-2023-38484 HIGH
HPE Aruba 9200/9000 Controllers BIOS - Early Boot Code Execution
CVSS 8.0
CVE-2023-39681 CRITICAL
CuppaCMS 1.0 - Remote Code Execution via Email Outgoing Parameter
CVSS 9.8
CVE-2023-4709 LOW
TOTVS RM 12.1 - Cross-Site Scripting via Login.aspx VIEWSTATE Parameter
CVSS 3.1
CVE-2023-39631 CRITICAL
langchain - Remote Code Execution via Numexpr Evaluate Function
CVSS 9.8
CVE-2023-39685 HIGH
hjson < 3.0.0 - Denial of Service via Crafted JSON String
CVSS 7.5
CVE-2023-41362 HIGH
MyBB < 1.8.36 - Authenticated Code Injection via Admin CP Template Eval
CVSS 7.2
CVE-2023-41005 HIGH
Pagekit 1.0.18 - Remote Code Execution via UpdateController downloadAction and updateAction
CVSS 7.8
CVE-2023-39059 HIGH
ansible-semaphore 2.8.90 - Remote Code Execution via Extra Variables Parameter
CVSS 8.8
CVE-2023-40177 CRITICAL
XWiki 4.3.1-14.10.4 - Authenticated Eval Injection via User Profile Content Field
CVSS 9.9
CVE-2023-37427 HIGH
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.4 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2023-37424 HIGH
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.4 - Unauthenticated Remote Code Execution
CVSS 8.1
CVE-2023-36281 CRITICAL
langchain < 0.0.312 - Remote Code Execution via load_prompt JSON File
CVSS 9.8
CVE-2023-39660 CRITICAL
pandasai < 0.8.0 - Remote Code Execution via Prompt Function
CVSS 9.8
CVE-2023-31447 CRITICAL
DrayTek Vigor2620 Firmware < 3.9.8.4 and Vigor2925 Firmware - Remote Code Execution via user_login.cgi
CVSS 9.8
CVE-2023-39445 HIGH
ELECOM WRC-1467GHBK-A Firmware - Code Injection
CVSS 8.8
CVE-2023-38576 HIGH
ELECOM LAN-WH300N/RE - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-32626 CRITICAL
ELECOM LAN-W300N/RS and LAN-W300N/PR5 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2023-40313 HIGH
OpenNMS Horizon < 32.0.2 and Meridian < 2020.1.38 - Remote Code Execution via BeanShell Interpreter
CVSS 7.1
CVE-2023-37914 CRITICAL
XWiki 2.5-14.4.8 - Authenticated Remote Code Execution via Script Macro Injection in Invitation.WebHome
CVSS 9.9
CVE-2023-40252 MEDIUM
Genian NAC 4.0.0-4.0.155 and 5.0.0-5.0.42, Genian NAC Suite 5.0.0-5.0.54, Genian ZTNA 6.0.0-6.0.15 - Code Injection
CVSS 6.0
CVE-2023-20209 MEDIUM
Cisco Expressway Series/VCS - Command Injection
CVSS 6.5
CVE-2023-38889 CRITICAL
Alluxio < 2.9.3 - Remote Code Execution via Username Parameter in CommonUtils.getUnixGroups
CVSS 9.8