Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,515 vulnerabilities with CWE-94

CVE-2022-25894 CRITICAL

uflo - Remote Code Execution via ExpressionContextImpl JEXL Expression Evaluation

CVE-2022-25860 HIGH

simple-git < 3.16.0 - Remote Code Execution via Git Command Methods

CVE-2022-45928 HIGH

OpenText Extended ECM 16.2.2-22.3 - Remote Code Execution via HTML File Parameter

CVE-2022-34456 HIGH

Dell EMC Metro Node < 7.1 - Authenticated OS Command Injection

CVE-2022-47318 HIGH

ruby-git <v1.13.0 - Command Injection

CVE-2022-46648 HIGH

ruby-git <v1.13.0 - Command Injection

CVE-2022-42268 HIGH

Omniverse Kit Create, Audio2Face, Isaac Sim, View, Code, Machinima - Remote Code Execution via USD File Python Code

CVE-2022-25926 HIGH

window-control < 1.4.5 - OS Command Injection via sendKeys Function

CVE-2022-46874 HIGH

Firefox < 108 and Firefox ESR < 102.6 - Code Injection via Filename Truncation

CVE-2022-22756 HIGH

Firefox < 97.0 and Firefox ESR < 91.6 - Arbitrary Code Execution via Drag-and-Drop Image

CVE-2022-46101 HIGH

AyaCMS 3.1.2 - Remote Code Execution via ust_sql.inc.php

CVE-2022-47896 MEDIUM

JetBrains IntelliJ IDEA <2022.3.1 - Code Injection

CVE-2022-43486 MEDIUM

Buffalo WSR/WE/WCR Firmware - Authenticated Remote Code Execution via Debug Functionality

CVE-2022-23474 MEDIUM

Editor.js < 2.26.0 - Code Injection via Pasted Input

CVE-2022-23503 HIGH

TYPO3 < 8.7.49, 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Authenticated Code Injection via Form Designer TypoScript

CVE-2022-37155 HIGH

SPIP 3.1.13-4.1.2 - Authenticated Remote Code Execution via _oups Parameter

CVE-2022-44702 HIGH

Windows Terminal < 1.15.2874 - Remote Code Execution

CVE-2022-4455 LOW

php-calendar < 2022-04-28 - Cross-Site Scripting via $_SERVER['PHP_SELF']

CVE-2022-4223 HIGH

pgAdmin 4 < 6.17 - Unauthenticated Remote Code Execution via External Utility Path Validation API

CVE-2022-41264 HIGH

SAP BASIS 731, 740, 750-757, 789-791 - Authenticated Remote Code Execution via RFC Function Module

CVE-2022-44533 HIGH

Aruba EdgeConnect Enterprise < 8.3.7.1 - Authenticated Remote Code Execution

CVE-2022-43542 HIGH

Aruba EdgeConnect Enterprise <9.2.1.0 - Command Injection

CVE-2022-43541 HIGH

Aruba EdgeConnect Enterprise <9.2.1.0 - Command Injection

CVE-2022-46166 HIGH

Spring Boot Admin <2.7.8 - Info Disclosure

CVE-2022-46157 HIGH

Akeneo PIM <5.0.119 & <6.0.53 - Authenticated RCE

Previous Page 140 of 261 Next

Details

Vulnerabilities 6,515

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy