CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,519 vulnerabilities with CWE-94
CVE-2021-29461 HIGH
discord-recon < 0.0.3 - Remote Code Execution via Argument Injection
CVSS 8.1
CVE-2021-29440 HIGH
Grav < 1.7.11 - Authenticated Remote Code Execution via Twig Template Injection
CVSS 8.4
CVE-2021-27602 CRITICAL
SAP Commerce 1808, 1811, 1905, 2005, 2011 - Authenticated Remote Code Execution via Source Rule Injection
CVSS 9.9
CVE-2021-23281 CRITICAL
Eaton Intelligent Power Manager <1.69 - RCE
CVSS 10.0
CVE-2021-23277 HIGH
Eaton Intelligent Power Manager < 1.69 - Unauthenticated Eval Injection in loadUserFile Function
CVSS 8.3
CVE-2021-21433 CRITICAL
demon1a/discord-recon < 0.0.2 - Remote Code Execution
CVSS 9.9
CVE-2021-1362 HIGH
Cisco Unified Communications Manager 10.5(2)-11.5(1)su8 - Authenticated RCE via SOAP API
CVSS 8.8
CVE-2021-24209 HIGH
WP Super Cache < 1.7.2 - Authenticated Remote Code Execution via Cache Location Setting
CVSS 7.2
CVE-2021-23358 LOW
underscore 1.3.2-1.12.1 - Arbitrary Code Injection via Template Function
CVSS 3.3
CVE-2021-27438 HIGH
Reason DR60 <02A04.1 - Info Disclosure
CVSS 8.8
CVE-2021-21345 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.8
CVE-2021-27928 HIGH
MariaDB <10.2.37, 10.3.28, 10.4.18, 10.5.9 - RCE
CVSS 7.2
CVE-2021-27230 HIGH
ExpressionEngine <5.4.2, <6.0.3 - Code Injection
CVSS 8.8
CVE-2021-3411 MEDIUM
Linux Kernel < 5.10 - Memory Access Violation in int3 Padding Detection
CVSS 6.7
CVE-2021-21480 HIGH
SAP Manufacturing Integration and Intelligence - Remote Code Execution via JSP Dashboard Injection
CVSS 8.8
CVE-2021-23344 CRITICAL
total.js < 3.4.8 - Remote Code Execution via set
CVSS 9.8
CVE-2021-21353 MEDIUM
pug < 3.0.1 - Remote Code Execution via Pretty Option Injection
CVSS 6.8
CVE-2021-25283 CRITICAL
SaltStack Salt <3002.5 - Code Injection
CVSS 9.8
CVE-2021-3273 HIGH
Nagios XI < 5.7 - Authenticated Code Injection in graphtemplates.php
CVSS 7.2
CVE-2021-26120 CRITICAL
Smarty < 3.1.39 - Code Injection via Unexpected Function Name
CVSS 9.8
CVE-2021-23337 HIGH
Lodash <4.17.21 - Command Injection
CVSS 7.2
CVE-2021-25251 HIGH
Trend Micro Security - Code Injection
CVSS 7.2
CVE-2021-21477 CRITICAL
SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 - Authenticated Remote Code Execution via Drools Rule Injection
CVSS 9.9
CVE-2021-26551 HIGH
SmartFoxServer 2.17.0 - Remote Code Execution via Console Module Unlock Bypass
CVSS 8.8
CVE-2021-21305 HIGH
CarrierWave <2.1.1 - Code Injection
CVSS 7.4