Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,519 vulnerabilities with CWE-94

CVE-2021-31949 HIGH

Microsoft Outlook - Remote Code Execution

CVE-2021-32673 HIGH

reg-keygen-git-hash-plugin <0.10.16 - RCE

CVE-2021-22336 HIGH

Huawei EMUI and Magic UI - Denial of Security Services via Improper Code Generation

CVE-2021-32924 HIGH

Invision Community <4.6.0 - Code Injection

CVE-2021-24312 HIGH

WP Super Cache < 1.7.3 - Remote Code Execution via Settings Parameters

CVE-2021-30461 CRITICAL

VoIPmonitor < 24.61 - Unauthenticated Remote Code Execution via SPOOLDIR Injection

CVE-2021-32621 HIGH

XWiki 3.0.1-12.6.6 - Unauthenticated Remote Code Execution via Dashboard Gadget Title

CVE-2021-29505 HIGH

XStream < 1.4.17 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-22900 HIGH KEV

Pulse Connect Secure <9.1R11.4 - Code Injection

CVE-2021-22894 HIGH KEV

Pulse Connect Secure <9.1R11.4 - RCE

CVE-2021-27811 HIGH

QibosoftX1 1.0 - Remote Code Execution via Upgrade Function

CVE-2021-22117 HIGH

RabbitMQ 3.8.0-3.8.15 - Unauthenticated Arbitrary Plugin Installation via Insecure Plugin Directory Permissions

CVE-2021-32820 HIGH

Express-handlebars - Info Disclosure

CVE-2021-32817 MEDIUM

express-hbs < 5.3.2 - File Disclosure via Layout Parameter

CVE-2021-31198 HIGH

Microsoft Exchange Server - Remote Code Execution

CVE-2021-31181 HIGH

Microsoft SharePoint - Remote Code Execution via Unsafe Control and ViewState

CVE-2021-27611 MEDIUM

SAP NetWeaver AS ABAP - Code Injection

CVE-2021-29502 HIGH

warnsystem < 1.3.18 - Information Disclosure via Unsanitized Template

CVE-2021-29493 MEDIUM

kennnyshiwa-cogs < 2021-05-05 - Remote Code Execution in Tickets Module

CVE-2021-21415 HIGH

Prisma VS Code Extension < 2.20.0 - Remote Code Execution via Custom Prisma Format Binary Path

CVE-2021-29472 HIGH

Composer < 1.10.22 - Remote Code Execution via Mercurial Repository URL

CVE-2021-29475 CRITICAL

HedgeDoc < 1.5.0 - Server-Side Request Forgery via PDF Export

CVE-2021-22205 CRITICAL KEV

GitLab 11.9.0-13.8.7 - Unauthenticated Remote Code Execution via ExifTool Image Parsing

CVE-2021-22204 MEDIUM KEV

GitLab Unauthenticated Remote ExifTool Command Injection

CVE-2021-29465 HIGH

discord-recon < 0.0.4 - Remote Code Execution via File Overwrite

Previous Page 154 of 261 Next

Details

Vulnerabilities 6,519

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy