Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,518 vulnerabilities with CWE-94

CVE-2022-0896 HIGH

microweber/microweber <1.3 - Info Disclosure

CVE-2022-0845 CRITICAL

PyTorch Lightning < 1.6.0 - Code Injection

CVE-2022-22947 CRITICAL KEV

Spring Cloud Gateway Remote Code Execution

CVE-2022-22909 HIGH

HotelDruid 3.0.3 - Remote Code Execution via Create New Room Name Field

CVE-2022-0819 HIGH

Dolibarr < 15.0.1 - Code Injection

CVE-2022-25018 HIGH

Pluxml v5.8.7 - Remote Code Execution via Static Page PHP Injection

CVE-2022-24442 CRITICAL

JetBrains YouTrack <2021.4.40426 - SSRF

CVE-2022-23810 MEDIUM

a-blog cms <Ver.2.8.75-Ver.3.0.1 - Info Disclosure

CVE-2022-24295 HIGH

Okta Advanced Server Access Client <1.57.0 - Command Injection

CVE-2022-23642 HIGH

Sourcegraph gitserver sshCommand RCE

CVE-2022-24665 CRITICAL

PHP Everywhere <= 2.0.3 - Authenticated Remote Code Execution via Gutenberg Block

CVE-2022-24664 CRITICAL

PHP Everywhere <= 2.0.3 - Authenticated Remote Code Execution via WordPress Metabox

CVE-2022-24663 CRITICAL

PHP Everywhere <= 2.0.3 - Command Injection

CVE-2022-23434 MEDIUM

Samsung Bixby < 3.7.50.6 - Privileged Action Execution via PendingIntent Hijacking

CVE-2022-23426 MEDIUM

Android DeX Home and DeX for PC - Unauthenticated Code Injection via PendingIntent

CVE-2022-23631 CRITICAL

blitzjs superjson < 1.8.1 - Unauthenticated Remote Code Execution via Prototype Pollution

CVE-2022-23614 HIGH

Twig 2.0.0-2.14.11 - Remote Code Execution via Sort Filter Arrow Parameter

CVE-2022-21686 CRITICAL

PrestaShop 1.7.0.0-1.7.8.3 - Authenticated Code Injection via Legacy Layout

CVE-2022-23008 MEDIUM

F5 NGINX Controller API Management 3.18.0-3.19.0 - Authenticated JavaScript Injection via Undisclosed API Endpoints

CVE-2022-0323 HIGH

Packagist mustache/mustache <2.14.1 - Info Disclosure

CVE-2022-23120 HIGH

Trend Micro Deep Security Agent < 20.0.0-3445 - Privilege Escalation and Remote Code Execution

CVE-2022-22286 MEDIUM

Bixby Routines <3.1.21.8 - Privilege Escalation

CVE-2022-22285 MEDIUM

Reminder <12.2.05.0 - Privilege Escalation

CVE-2022-22270 MEDIUM

Dialer <SMR Jan-2022 Release 1 - Info Disclosure

CVE-2021-47952 CRITICAL

python jsonpickle 2.0.0 Remote Code Execution via py/repr

Previous Page 147 of 261 Next

Details

Vulnerabilities 6,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy