Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,518 vulnerabilities with CWE-94

CVE-2022-30083 CRITICAL

EllieGrid 3.4.1 - Remote Code Execution

CVE-2022-37009 LOW

JetBrains IntelliJ IDEA < 2022.2 - Local Code Execution via Vagrant Executable

CVE-2022-35649 CRITICAL

Moodle - Remote Code Execution via Ghostscript PostScript Parsing

CVE-2022-25759 CRITICAL

convert-svg-core < 0.6.2 - Remote Code Injection via Malicious SVG File

CVE-2022-31161 CRITICAL

Roxy-WI <6.1.1.0 - Command Injection

CVE-2022-32417 CRITICAL

pbootcms 3.1.2 - Remote Code Execution via parserIfLabel Function

CVE-2022-34821 HIGH

SIMATIC CP 1242-7 V2 Firmware and related products - Remote Code Execution via OpenVPN Configuration Injection

CVE-2022-34663 HIGH

Siemens RUGGEDCOM ROS - Remote Code Execution via Web Console

CVE-2022-2073 HIGH

Grav < 1.7.34 - Code Injection

CVE-2022-0885 CRITICAL

Member Hero WordPress Plugin < 1.0.9 - Unauthenticated Arbitrary PHP Function Execution via AJAX Action

CVE-2022-2054 HIGH

Nuitka < 0.9 - Code Injection

CVE-2022-24429 HIGH

convert-svg-core <0.6.3 - Code Injection

CVE-2022-2014 MEDIUM

drawio < 19.0.2 - Code Injection

CVE-2022-21122 CRITICAL

metacalc < 0.0.2 - Remote Code Execution via Math Class Exposure

CVE-2022-21831 CRITICAL

Active Storage 5.2.0-5.2.6.2 - Code Injection via Image Processing Arguments

CVE-2022-29221 HIGH

Smarty <3.1.45, <4.1.1 - Code Injection

CVE-2022-29216 HIGH

TensorFlow <2.9.0, 2.8.1, 2.7.2, 2.6.4 - Code Injection

CVE-2022-0578 MEDIUM

publify/publify <9.2.8 - Code Injection

CVE-2022-29307 CRITICAL

IonizeCMS v1.0.8.1 - Command Injection

CVE-2022-23332 HIGH

Shenzhen Ejoin ACOM508/ACOM516/ACOM532 < 508-609-900-241-100-020/532-609-915-041-100-020 RCE via Ping Form

CVE-2022-29171 MEDIUM

Sourcegraph < 3.38.0 - Authenticated Remote Code Execution via Gitolite Callsign Command

CVE-2022-24817 CRITICAL

Flux2 0.1.0-0.29.0 - Code Injection via Malicious Kubeconfig

CVE-2022-1575 CRITICAL

drawio < 18.0.0 - Arbitrary Code Execution via Sanitizer Bypass

CVE-2022-29821 MEDIUM

JetBrains PyCharm < 2022.1 - Local Code Execution via ReSharper Quick Documentation Links

CVE-2022-29819 MEDIUM

JetBrains IntelliJ IDEA < 2022.1 - Local Code Execution via Quick Documentation Links

Previous Page 145 of 261 Next

Details

Vulnerabilities 6,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy