Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94

CVE-2020-15171 MEDIUM

XWiki < 11.10.5 - Authenticated Remote Code Execution via Servlet Context Access

CVE-2020-6318 HIGH

SAP NetWeaver <7.40 & ABAP Platform >7.40 - RCE

CVE-2020-7381 MEDIUM

Rapid7 Nexpose < 6.6.40 - Unauthenticated Code Execution via Executable Spoofing

CVE-2020-15167 HIGH

Miller 5.9.0 - Unauthenticated Remote Code Execution via Malicious .mlrrc File

CVE-2020-6144 CRITICAL

OS4Ed openSIS 7.4 - Remote Code Execution via Username Variable in Install Step5

CVE-2020-6143 CRITICAL

OS4Ed openSIS 7.4 - Remote Code Execution via Install Password Variable Injection

CVE-2020-15150 CRITICAL

Paginator < 1.0.0 - Remote Code Execution via paginate() Function Input

CVE-2020-15147 HIGH

Red Discord Bot < 3.3.12 - Remote Code Execution via Streams Module Going Live Message

CVE-2020-7710 HIGH

safe-eval - Remote Code Execution

CVE-2020-15070 HIGH

Zulip Server <2.1.7 - Code Injection

CVE-2020-15865 CRITICAL

Stimulsoft Reports 2013.1.1600.0 - Remote Code Execution via Base-64 Encoded C# Scripts in Report XML

CVE-2020-15142 HIGH

openapi-python-client <0.5.3 - Code Injection

CVE-2020-10055 CRITICAL

Siemens Desigo CC and Desigo CC Compact - Remote Code Execution via BIRT Advanced Reporting Engine

CVE-2020-8224 HIGH

Nextcloud Desktop Client 2.6.4 - Code Injection

CVE-2020-8218 HIGH KEV

Pulse Connect Secure <9.1R8 - Code Injection

CVE-2020-7694 LOW

uvicorn < 0.11.7 - ANSI Escape Sequence Injection via Request Logger

CVE-2020-12013 CRITICAL

Mitsubishi Electric MC Works32 and MC Works64 < 10.95.208.31 - Remote Code Execution via WCF Client

CVE-2020-11546 CRITICAL

SuperWebMailer < 7.40.0.01550 - Unauthenticated Remote Code Execution via Language Parameter

CVE-2020-8194 MEDIUM

Citrix ADC & Gateway <13.0-58.30 - Code Injection

CVE-2020-8163 HIGH

Rails < 5.0.1 - Remote Code Execution via Render Locals Argument

CVE-2020-15348 CRITICAL

Zyxel CloudCNM SecuManager <3.1.1 - Code Injection

CVE-2020-5593 HIGH

Zenphoto < 1.5.7 - PHP Code Injection via Crafted ZIP Upload

CVE-2020-7675 CRITICAL

cd-messenger <= 2.7.26 - Remote Code Execution via Color Argument Eval Injection

CVE-2020-7674 CRITICAL

access-policy < 3.1.0 - Remote Code Execution via Template Function

CVE-2020-7673 CRITICAL

node-extend < 0.2.0 - Remote Code Execution via Unsafe Eval in extend Function

Previous Page 159 of 262 Next

Details

Vulnerabilities 6,528

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy