Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,518 vulnerabilities with CWE-94

CVE-2021-3661 HIGH

HP Z1 All-in-one G3 Firmware - Code Injection

CVE-2021-26731 CRITICAL

Lanner Inc IAC-AST2500A Firmware 1.10.0 - Authenticated Stack-Based Buffer Overflow in modifyUserb_func

CVE-2021-26729 CRITICAL

Lanner Inc IAC-AST2500A Firmware 1.10.0 - Stack-Based Buffer Overflow and Command Injection in Login Handler

CVE-2021-26728 CRITICAL

Lanner Inc IAC-AST2500A Firmware 1.10.0 - Stack-Based Buffer Overflow and Command Injection in KillDupUsr_func

CVE-2021-26727 CRITICAL

Lanner Inc IAC-AST2500A standard firmware 1.10.0 - Stack-based Buffer Overflow in SubNet_handler_func

CVE-2021-22646 HIGH

Ovarro TWinSoft < 12.4 - Remote Code Execution via Malicious IPK Package

CVE-2021-40553 HIGH

piwigo 11.5.0 - Remote Code Execution in LocalFiles Editor

CVE-2021-41402 HIGH

flatcore-cms 2.0.8 - Remote Code Execution

CVE-2021-41749 CRITICAL

nystudio107 SEOmatic < 3.4.11 - Unauthenticated Server-Side Template Injection

CVE-2021-27446 CRITICAL

Weintek cMT Firmware < 20210305 - Unauthenticated Remote Code Execution

CVE-2021-42651 HIGH

Pentest-Collaboration-Framework 1.0.8 - Authenticated Server-Side Template Injection via Reports Endpoint

CVE-2021-40219 HIGH

Bolt CMS <= 4.2 - Authenticated Remote Code Execution via Theme Template Injection

CVE-2021-39114 HIGH

Atlassian Confluence Data Center < 6.13.23 - Code Injection

CVE-2021-39908 MEDIUM

GitLab 0.8.0-14.2.5, 14.3.0-14.3.3, 14.4.0 - Code Injection via Unicode Character Obfuscation

CVE-2021-43097 HIGH

DIYHi BBS 5.3 - Server-Side Template Injection in TemplateManageAction

CVE-2021-26622 CRITICAL

Genian NAC 4.0-4.0.145.0831 - Remote Code Execution via SSTI and File Name Parameter

CVE-2021-38745 MEDIUM

Chamilo LMS <1.11.14 - Code Injection

CVE-2021-39383 CRITICAL

DWSurvey 3.2.0 - Remote Code Execution via SysPropertyAction Component

CVE-2021-25003 CRITICAL

WPCargo Track & Trace < 6.9.0 - Unauthenticated Arbitrary File Write and Remote Code Execution

CVE-2021-44618 CRITICAL

nystudio107 seomatic < 3.4.12 - Server-Side Template Injection via Host Header

CVE-2021-43944 HIGH

Atlassian Jira Server/Data Center <8.13.15 & <8.20.3 - RCE

CVE-2021-44238 HIGH

AyaCMS 3.1.2 - Remote Code Execution via ust_tab_e.inc.php

CVE-2021-22395 HIGH

Huawei EMUI - Code Injection

CVE-2021-46063 CRITICAL

MCMS v5.2.5 - Server-Side Template Injection via Template Management Module

CVE-2021-46362 CRITICAL

Magnolia CMS < 6.2.4 - Server-Side Template Injection via Registration and Forgotten Password Forms

Previous Page 149 of 261 Next

Details

Vulnerabilities 6,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy