Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,515 vulnerabilities with CWE-94

CVE-2022-45550 CRITICAL

AyaCMS 3.1.2 - Remote Code Execution

CVE-2022-46742 CRITICAL

PaddlePaddle 2.4.0-rc0 - Remote Code Execution via paddle.audio.functional.get_window

CVE-2022-43660 HIGH

Movable Type <7.5301-1.53 - Privilege Escalation

CVE-2022-42699 CRITICAL

Easy WP SMTP <= 1.5.1 - Authenticated Remote Code Execution

CVE-2022-46333 HIGH

Proofpoint Enterprise Protection <8.19.0 - Command Injection

CVE-2022-46161 CRITICAL

pdfmake <= 0.2.5 - Remote Code Execution via Unsafe Evaluation

CVE-2022-4300 MEDIUM

FastCMS - Remote Code Execution via Template Handler

CVE-2022-23465 HIGH

SwiftTerm < 1.2.0 - Remote Code Execution via Terminal Escape Sequence Injection

CVE-2022-43333 CRITICAL

Telenia Software s.r.l TVox <v22.0.17 - RCE

CVE-2022-3713 HIGH

Sophos XG Firewall Firmware < 19.0 - Code Injection in Wifi Controller

CVE-2022-3696 HIGH

Sophos XG Firewall Firmware < 19.0 - Authenticated Code Injection in Webadmin

CVE-2022-44262 CRITICAL

ff4j 1.8.1 - Remote Code Execution

CVE-2022-3384 HIGH

Ultimate Member <2.5.0 - Authenticated RCE

CVE-2022-3383 HIGH

Ultimate Member <2.5.0 - Authenticated RCE

CVE-2022-44038 CRITICAL

Russound XSourcePlayer 777D v06.08.03 - RCE

CVE-2022-45908 CRITICAL

PaddlePaddle < 2.4 - Remote Code Execution via get_window winstr Parameter

CVE-2022-45907 CRITICAL

PyTorch < 1.13.1 - Remote Code Execution via Unsafe eval in torch.jit.annotations.parse_type_line

CVE-2022-41158 HIGH

eyoom_builder < 4.5.3 - Remote Code Execution via Cookie Path Traversal

CVE-2022-39833 HIGH

FileCloud 20.2-21.3.7.18607 - Remote Code Execution via Crafted HTTP Request

CVE-2022-41223 MEDIUM KEV

MiVoice Connect <22.22.6100.0 - Code Injection

CVE-2022-41945 MEDIUM

super-xray 0.1-beta - Remote Code Execution via Unfiltered URL Command Injection

CVE-2022-45132 CRITICAL

Linaro LAVA < 2022.11.1 - Remote Code Execution via Jinja2 Template Injection

CVE-2022-28766 LOW

Zoom Client <5.12.6 - Code Injection

CVE-2022-43279 HIGH

LimeSurvey < 5.0.4 - SQL Injection via update.php

CVE-2022-40127 HIGH

Apache Airflow < 2.4.0 - Authenticated Remote Code Execution via Run ID Parameter

Previous Page 141 of 261 Next

Details

Vulnerabilities 6,515

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy