Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,511 vulnerabilities with CWE-94

CVE-2023-29492 CRITICAL KEV

novi_survey < 8.9.43676 - Remote Code Execution

CVE-2023-27897 MEDIUM

SAP CRM 700-713 - Authenticated Code Injection via Vulnerable Interface

CVE-2023-27650 CRITICAL

APUS Launcher 3.10.73 and 3.10.88 - Remote Code Execution via FONT_FILE Parameter

CVE-2023-1947 MEDIUM

taoCMS 3.0.2 - Remote Code Injection in /admin/admin.php

CVE-2023-28706 CRITICAL

Apache Airflow Hive Provider <6.0.0 - Code Injection

CVE-2023-26817 HIGH

codefever < 2023-02-07 - Remote Code Execution via User API Controller

CVE-2023-24538 CRITICAL

Go Templates - Code Injection via JavaScript Template Literals

CVE-2023-1708 MEDIUM

GitLab CE/EE <15.8.5-15.10.1 - Code Injection

CVE-2023-27770 HIGH

Wondershare Edraw Max 12.0.4 - Remote Code Execution via Setup Executable

CVE-2023-26119 CRITICAL

net.sourceforge.htmlunit:htmlunit <3.0.0 - RCE

CVE-2023-1773 MEDIUM

Rockoa 2.3.2 - Code Injection in Configuration File Handler

CVE-2023-25261 CRITICAL

Stimulsoft Designer and Viewer - Remote Code Execution via Report Variable Injection

CVE-2023-24835 HIGH

Softnext SPAM SQR < 2.221231 - Authenticated Code Injection

CVE-2023-28333 CRITICAL

moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Code Injection via Mustache Pix Helper

CVE-2023-24709 HIGH

Paradox Security Systems IPR512 - DoS

CVE-2023-1306 HIGH

Rapid7 InsightCloudSec < 2023.02.01 & InsightAppSec < 23.2.1 - RCE via Jinja Template Injection

CVE-2023-1304 HIGH

Rapid7 InsightCloudSec < 2023.02.01 & InsightAppSec < 23.2.1 - RCE via Jinja Template Injection

CVE-2023-1250 HIGH

OTRS 6.0.1-6.0.34 and 7.0.0-7.0.41 - Local Code Execution via ACL Comment Injection

CVE-2023-1482 MEDIUM

HkCms 2.2.4.230206 - Code Injection

CVE-2023-0598 HIGH

GE Digital Proficy iFIX 2022 v6.1 v6.5 - Code Injection via Malicious Configuration Files

CVE-2023-24795 CRITICAL

JHR-N916R Firmware <= 21.11.1.1483 - Remote Code Execution

CVE-2023-25344 CRITICAL

swig-templates < 2.0.4 and swig < 1.4.2 - Remote Code Execution via Object.prototype Function Injection

CVE-2023-27893 HIGH

SAP Solution Manager - Authenticated Remote Code Execution via Vulnerable Interface

CVE-2023-1367 LOW

easyappointments < 1.5.0 - Code Injection

CVE-2023-0888 MEDIUM

B.Braun Battery Pack SP with WiFi Firmware L90/U70 and L92/U92 - Authenticated Eval Injection in Embedded Web Server

Previous Page 136 of 261 Next

Details

Vulnerabilities 6,511

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy