Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,510 vulnerabilities with CWE-94

CVE-2023-3519 CRITICAL KEV

Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution

CVE-2023-22506 HIGH

Bamboo Data Center 8.0.0-9.2.2 - Authenticated Remote Code Execution

CVE-2023-34330 HIGH

AMI MegaRAC SP-X - Code Injection via Dynamic Redfish Extension Interface

CVE-2023-37466 CRITICAL

Vm2 < 3.9.19 - Code Injection

CVE-2023-37274 HIGH

Auto-GPT < 0.4.3 - Path Traversal and Arbitrary Code Execution via Basename Argument

CVE-2023-37273 HIGH

Auto-GPT < 0.4.3 - Remote Code Execution via Docker Compose File Overwrite

CVE-2023-37565 HIGH

ELECOM WRC-1167 Series Firmware - Authenticated Remote Code Execution

CVE-2023-38198 CRITICAL

acme.sh < 3.0.6 - Remote Code Execution via Eval of Untrusted Commands

CVE-2023-37582 CRITICAL

Apache RocketMQ - Remote Command Execution

CVE-2023-37199 MEDIUM

StruxureWare Data Center Expert < 7.9.3 - Authenticated Remote Code Execution via Backup Tampering

CVE-2023-37198 MEDIUM

StruxureWare Data Center Expert < 7.9.3 - Authenticated Remote Code Execution via Install Package Upload

CVE-2023-24492 CRITICAL

Citrix Secure Access Client < 23.5.2 - Remote Code Execution via Crafted Link

CVE-2023-35333 HIGH

MediaWiki PandocUpload < 1.0.1 - Remote Code Execution

CVE-2023-33157 HIGH

Microsoft SharePoint Server - Remote Code Execution

CVE-2023-37659 CRITICAL

xalpha 0.11.4 - Remote Code Execution

CVE-2023-27869 MEDIUM

IBM Db2 10.5, 11.1, 11.5 - Authenticated Remote Code Execution via TraceFile Logger Injection

CVE-2023-27868 MEDIUM

IBM Db2 JDBC Driver 10.5, 11.1, 11.5 - Authenticated Remote Code Execution via Plugin Class Instantiation

CVE-2023-27867 MEDIUM

IBM Db2 JDBC Driver 10.5, 11.1, 11.5 - Authenticated Remote Code Execution via JNDI Injection

CVE-2023-3551 HIGH

nilsteampassnet/teampass <3.0.10 - Code Injection

CVE-2023-36992 HIGH

TravianZ 8.3.4-8.3.3 - Code Injection

CVE-2023-36859 HIGH

PiiGAB M-Bus SoftwarePack 900S - Command Injection

CVE-2023-29382 CRITICAL

Zimbra Collaboration 8.8.15 and 9.0 - Remote Code Execution via sfdc_preauth.jsp

CVE-2023-30990 HIGH

IBM i 7.2-7.5 - Remote Code Execution via DDM Architecture

CVE-2023-36258 CRITICAL

LangChain < 0.0.236 - Remote Code Execution via Python Code Injection

CVE-2023-33466 HIGH

Orthanc <1.12.0 - Privilege Escalation

Previous Page 132 of 261 Next

Details

Vulnerabilities 6,510

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy