Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,510 vulnerabilities with CWE-94

CVE-2023-2583 CRITICAL

jsreport < 3.11.3 - Code Injection

CVE-2023-29963 HIGH

S-CMS v5.0 - Authenticated Remote Code Execution via /admin/ajax.php

CVE-2023-31415 HIGH

Kibana 8.7.0 - Authenticated Remote Code Execution via Uptime/Synthetics Feature

CVE-2023-31414 HIGH

Kibana 8.0.0-8.7.0 - Authenticated Remote Code Execution via YAML or ENV Configuration

CVE-2023-1178 MEDIUM

GitLab 8.6-15.9.5, 15.10-15.10.4, 15.11 - File Integrity Compromise via Tag or Release Reference

CVE-2023-26546 HIGH

IUCLID <6.27.6 - Authenticated Code Injection

CVE-2023-26782 MEDIUM

mccms 2.6.1 - Denial of Service via Cache Security Character Configuration

CVE-2023-30349 CRITICAL

JFinal CMS 5.1.0 - Remote Code Execution via ActionEnter Function

CVE-2023-30404 CRITICAL

Aigital Wireless-N Repeater Mini Router Firmware v0.131229 - Remote Code Execution via sysCmd Parameter

CVE-2023-2259 HIGH

GitHub alfio-event/alf.io <2.0-M4-2304 - Info Disclosure

CVE-2023-29566 CRITICAL

dawnsparks-node-tesseract 0.4.0-0.4.1 - Remote Code Execution via child_process Function

CVE-2023-26060 MEDIUM

Nokia NetAct <22 FP2211 - Client-side Template Injection

CVE-2023-25550 HIGH

StruxureWare Data Center Expert < 7.9.2 - Remote Code Execution via Hostname Parameter

CVE-2023-25549 HIGH

StruxureWare Data Center Expert <= 7.9.2 - Remote Code Execution via DCE Network Settings Endpoint

CVE-2023-2017 HIGH

Shopware 6 <= v6.4.20.0,v6.5.0.0-rc1 <= v6.5.0.0-rc4 - Code Injection

CVE-2023-30537 CRITICAL

XWiki 12.6.6-13.10.10 - Authenticated Remote Code Execution via FlamingoThemesCode.WebHome Style Property

CVE-2023-29509 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via DocumentTree Macro Parameter Injection

CVE-2023-29214 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via IncludedDocuments Panel

CVE-2023-29212 CRITICAL

XWiki 14.0-14.4.7 - Authenticated Remote Code Execution via Insufficient Escaping in Included Documents Edit Panel

CVE-2023-29211 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Improper WikiId Parameter Escaping

CVE-2023-29210 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Notification Preferences Macro

CVE-2023-29209 CRITICAL

XWiki <13.10.11 - Code Execution via Legacy Notification Activity Macro

CVE-2023-2056 MEDIUM

dedecms < 5.7.87 - Remote Code Execution via GetSystemFile Function

CVE-2023-30638 HIGH

Atos Unify Openscape Bcf < 10r10.7.0 - Command Injection

CVE-2023-29492 CRITICAL KEV

novi_survey < 8.9.43676 - Remote Code Execution

Previous Page 135 of 261 Next

Details

Vulnerabilities 6,510

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy