Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,519 vulnerabilities with CWE-94

CVE-2021-39144 HIGH KEV

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-3615 MEDIUM

Lenovo Smart Camera X3 X5 C2E Firmware < 01.03.29.16 - Code Execution via SD Card File

CVE-2021-32829 CRITICAL

ZStack REST API 2.2.4-3.8.21 - Authenticated Code Execution via Groovy Sandbox Bypass

CVE-2021-32822 MEDIUM

hbs - File Disclosure via Express Render API Configuration Overwrite

CVE-2021-32809 MEDIUM

CKEditor 4.5.2-4.16.1 - HTML Injection via Malformed Paste Content

CVE-2021-37626 HIGH

Contao 4.4.0-4.4.55 - Authenticated PHP File Inclusion via Insert Tags

CVE-2021-37694 HIGH

asyncapi/java-spring-cloud-stream-template < 0.7.0 - Remote Code Execution via AsyncAPI Document

CVE-2021-38196 CRITICAL

better-macro < 2021-07-22 - Remote Code Execution via Proc-Macro

CVE-2021-36800 HIGH

Akaunting < 2.1.13 - Remote Code Execution via Invoice Price Parameter

CVE-2021-32706 HIGH

Pi-hole Web interface <5.5.1 - Code Injection

CVE-2021-31630 HIGH

OpenPLC Webserver v3 - Remote Code Execution via Hardware Layer Code Box

CVE-2021-24430 HIGH

Speed Booster Pack < 4.2.0 - Remote Code Execution via Unvalidated Caching Settings

CVE-2021-25808 HIGH

Bludit 3.13.1 - Remote Code Execution via Crafted ZIP File in Backup Plugin

CVE-2021-1518 MEDIUM

Cisco Firepower Device Manager On-Box 6.3.0-6.3.9 - Authenticated Remote Code Execution via REST API

CVE-2021-32756 HIGH

ManageIQ <jansa-4,kasparov-2,lasker-1 - RCE

CVE-2021-32749 MEDIUM

fail2ban <0.9.7, 0.10.0-0.10.6, 0.11.0-0.11.2 - RCE

CVE-2021-33678 MEDIUM

SAP NetWeaver AS ABAP - Code Injection

CVE-2021-23390 CRITICAL

total4 < 0.0.43 - Remote Code Execution via U.set() and U.get() Functions

CVE-2021-23389 CRITICAL

total.js < 3.4.9 - Remote Code Execution via U.set() and U.get() Functions

CVE-2021-1585 HIGH

Cisco Adaptive Security Device Manager < 7.18.1.152 - Unauthenticated Remote Code Execution via Launcher Code Injection

CVE-2021-35514 CRITICAL

narou < 3.8.0 - Remote Code Execution via Novel Title or Author Name

CVE-2021-25416 MEDIUM

RKP <SMR JUN-2021 Release 1 - Local Privilege Escalation

CVE-2021-25415 MEDIUM

RKP <SMR JUN-2021 Release 1 - Memory Corruption

CVE-2021-25411 MEDIUM

RKP API <SMR JUN-2021 Release 1 - Memory Corruption

CVE-2021-25393 MEDIUM

SecSettings <SMR MAY-2021 Release 1 - Privilege Escalation

Previous Page 153 of 261 Next

Details

Vulnerabilities 6,519

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy