CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,519 vulnerabilities with CWE-94
CVE-2021-43221
MEDIUM
Microsoft Edge Chromium < 96.0.1054.29 - Remote Code Execution
CVSS 4.2
CVE-2021-38448
HIGH
Trane Symbio 700 and 800 - Code Injection
CVSS 7.5
CVE-2021-33493
MEDIUM
OX App Suite <7.10.5 - Code Injection
CVSS 6.0
CVE-2021-22053
HIGH
Spring Cloud Netflix Hystrix Dashboard - Remote Code Execution via Request URI Path SpringEL Injection
CVSS 8.8
CVE-2021-41269
CRITICAL
cron-utils < 9.1.6 - Unauthenticated Remote Code Execution via Java EL Expression Injection
CVSS 10.0
CVE-2021-41653
CRITICAL
TP-Link TL-WR840N EU v5 Firmware <= TL-WR840N(EU)_V5_171211 - Remote Code Execution via PING IP Address Input
CVSS 9.8
CVE-2021-33816
CRITICAL
Dolibarr 13.0.2 - Remote Code Execution via Website Builder Backtick Injection
CVSS 9.8
CVE-2021-43208
HIGH
3D Viewer < 7.2107.7012.0 - Remote Code Execution
CVSS 7.8
CVE-2021-42298
HIGH
Microsoft Malware Protection Engine < 1.1.18700.3 - Remote Code Execution
CVSS 7.8
CVE-2021-42296
HIGH
Microsoft 365 Apps and Office - Remote Code Execution
CVSS 7.8
CVE-2021-43466
CRITICAL
thymeleaf-spring5 < 3.0.13.RELEASE - Remote Code Execution via Template Injection
CVSS 9.8
CVE-2021-24721
MEDIUM
Loco Translate <2.5.4 - Code Injection
CVSS 6.5
CVE-2021-24537
HIGH
Similar Posts WordPress Plugin < 3.1.5 - Authenticated PHP Code Execution via Widget Setting
CVSS 7.2
CVE-2021-41228
HIGH
TensorFlow 2.4.0-2.4.3, 2.5.0-2.5.1 - OS Command Injection via saved_model_cli eval
CVSS 7.5
CVE-2021-42057
HIGH
Obsidian Dataview <= 0.4.12-hotfix1 - Remote Code Execution via Markdown File
CVSS 7.8
CVE-2021-43281
HIGH
MyBB 1.2.0-1.8.28 - Authenticated Remote Code Injection via Admin CP Settings Management
CVSS 7.2
CVE-2021-42754
LOW
FortiClientMacOS <= 6.4.5 and <= 7.0.0 - Authenticated Camera Hijack via Malicious dylib File
CVSS 3.2
CVE-2021-25877
HIGH
youphptube < 10.0 - Authenticated Arbitrary File Write via save.php
CVSS 7.2
CVE-2021-40348
HIGH
Uyuni 2021.08 - Code Injection via rhn-config-satellite.pl Configuration Filename
CVSS 8.8
CVE-2021-42694
HIGH
Unicode < 14.0.0 - Code Injection via Homoglyph Identifier Spoofing
CVSS 8.3
CVE-2021-42574
HIGH
Unicode < 14.0.0 - Code Injection via Bidirectional Algorithm Control Sequences
CVSS 8.3
CVE-2021-36985
HIGH
Huawei EMUI and Magic UI - Code Injection
CVSS 7.5
CVE-2021-41619
HIGH
Gradle Enterprise >=2020.4 <2021.1.2 - Authenticated Remote Code Execution via JVM Startup Configuration
CVSS 7.2
CVE-2021-38450
CRITICAL
Trane Tracer SC/SC+ and Concierge - Code Injection
CVSS 9.9
CVE-2021-22961
CRITICAL
GlassWire <2.1.167 - Code Injection
CVSS 9.8