Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,518 vulnerabilities with CWE-94

CVE-2022-29815 MEDIUM

JetBrains IntelliJ IDEA < 2022.1 - Local Code Execution via Workspace Settings

CVE-2022-29814 MEDIUM

JetBrains IntelliJ IDEA < 2022.1 - Local Code Execution via HTML Descriptions in Custom JSON Schemas

CVE-2022-29813 MEDIUM

JetBrains IntelliJ IDEA < 2022.1 - Local Code Execution via Custom Pandoc Path

CVE-2022-24735 LOW

Redis <7.0.0-6.2.7 - Code Injection

CVE-2022-24881 HIGH

ballcat/codegen < 1.0.0.beta.2 - Remote Code Execution via Template Engine Injection

CVE-2022-29078 CRITICAL

ejs 3.1.6 - Server-Side Template Injection via outputFunctionName Option

CVE-2022-0661 HIGH

Ad Injection WP <1.2.0.19 - XSS/RCE

CVE-2022-24816 CRITICAL KEV

jai-ext < 1.1.22 - Remote Code Execution via Jiffle Script Compilation

CVE-2022-27837 MEDIUM

Android R-13 - Privilege Escalation

CVE-2022-22954 CRITICAL KEV

VMware Workspace ONE Access CVE-2022-22954

CVE-2022-24780 HIGH

Combodo iTop < 2.7.6 - Remote Code Execution via TWIG Code Injection

CVE-2022-26982 HIGH

SimpleMachinesForum <2.1.1 - Authenticated RCE

CVE-2022-22965 CRITICAL KEV

Spring Framework - Remote Code Execution via Data Binding

CVE-2022-22963 CRITICAL KEV

Spring Cloud Function < 3.1.6 - Remote Code Execution via SpEL Routing Expression

CVE-2022-1159 HIGH

Rockwellautomation Controllogix 5580 Firmware - Code Injection

CVE-2022-25578 CRITICAL

taocms 3.0.2 - Code Injection via .htaccess File Editing

CVE-2022-25760 HIGH

accesslog - Arbitrary Code Injection via Format Option

CVE-2022-0811 HIGH

CRI-O 1.19.0-1.19.5 - Container Escape and Arbitrary Code Execution via Pod Kernel Options

CVE-2022-25498 CRITICAL

CuppaCMS 1.0 - Remote Code Execution via saveConfigData Function

CVE-2022-0944 HIGH

sqlpad < 6.10.1 - Remote Code Execution via Template Injection in Connection Test Endpoint

CVE-2022-0921 MEDIUM

microweber < 1.2.12 - Remote Code Execution via Backup/Restore Feature

CVE-2022-24915 HIGH

ipcomm ipdio_firmware - Stored Cross-Site Scripting via Administrative Services Configuration Parameters

CVE-2022-22985 HIGH

ipcomm ipdio_firmware - Stored Cross-Site Scripting via History Review Parameters

CVE-2022-24734 HIGH

MyBB Admin Control Code Injection RCE

CVE-2022-24512 MEDIUM

Microsoft .NET, PowerShell, and Visual Studio - Remote Code Execution

Previous Page 146 of 261 Next

Details

Vulnerabilities 6,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy