Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,511 vulnerabilities with CWE-94

CVE-2023-1287 CRITICAL

ENOVIA Live Collaboration >= V6R2013xE < V6R2013xE_FP.CFA.2240 - Remote Code Execution via XSL Template

CVE-2023-27986 HIGH

Emacs 28.1-28.2 - Remote Code Execution via mailto: URI Double-Quote Injection

CVE-2023-1283 CRITICAL

Qwik < 0.21.0 - Code Injection

CVE-2023-22889 CRITICAL

SmartBear Zephyr Enterprise <= 7.15.0 - Unauthenticated Remote Code Execution via Report Generation

CVE-2023-0090 CRITICAL

Proofpoint Enterprise Protection <8.20.0 - RCE

CVE-2023-0089 HIGH

Proofpoint Enterprise Protection <8.20.0 - Authenticated RCE

CVE-2023-1003 MEDIUM

Typora < 1.5.5 - Code Injection via WSH JScript Handler

CVE-2023-24776 CRITICAL

funadmin 3.2.0 - Remote Code Execution via Addon.php Controller

CVE-2023-26107 MEDIUM

sketchsvg - Arbitrary Code Injection via Unsanitized shell.exec Command

CVE-2023-22381 MEDIUM

GitHub Enterprise Server <3.8.0 - Code Injection

CVE-2023-26477 CRITICAL

XWiki Platform <13.10.10, <14.9-rc-1, <14.4.6 - Code Injection

CVE-2023-1097 CRITICAL

Baicells EG7035-M11 Firmware <= BCE-ODU-1.0.8 - Unauthenticated Remote Code Execution via HTTP GET Command Injection

CVE-2023-23496 HIGH

Safari < 16.3 - Remote Code Execution via Malicious Web Content

CVE-2023-1030 LOW

Online Boat Reservation System 1.0 - Cross-Site Scripting via POST Parameter Handler

CVE-2023-1005 MEDIUM

Markdown-Electron - Code Injection

CVE-2023-1004 MEDIUM

MarkText < 0.17.1 - Code Injection via WSH JScript Handler

CVE-2023-24114 CRITICAL

typecho < 1.2.0 - Remote Code Execution via install.php

CVE-2023-24107 CRITICAL

hour_of_code_python_2015 - Code Injection

CVE-2023-25657 HIGH

Nautobot < 1.5.7 - Remote Code Execution via Jinja2 Template Rendering

CVE-2023-24078 HIGH

FuguHub < 8.1 - Remote Code Execution via CMS Docs Component

CVE-2023-0877 HIGH

froxlor < 2.0.11 - Code Injection

CVE-2023-22855 CRITICAL

Kardex Mlog MCC 5.7.12+0-a203c2a213-master - Remote Code Execution via Path Traversal and T4 Template Injection

CVE-2023-21553 HIGH

Azure DevOps Server - Remote Code Execution

CVE-2023-25717 CRITICAL KEV

Ruckus Wireless Admin < 10.4 - Unauthenticated Remote Code Execution via HTTP GET Request

CVE-2023-23551 CRITICAL

Control By Web X-600M Firmware < 1.16.00 - Remote Code Execution via Lua Script Injection

Previous Page 137 of 261 Next

Details

Vulnerabilities 6,511

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy