Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94

CVE-2020-10389 HIGH

Chadha PHPKB Standard Multi-Language 9 - Authenticated Remote Code Execution via Global Settings POST Parameters

CVE-2020-5203 CRITICAL

Fat-Free Framework < 3.7.2 - Remote Code Execution via Clear Method

CVE-2020-5259 HIGH

dojox < 1.11.10 - Prototype Pollution via jqMix Method

CVE-2020-5258 HIGH

dojo < 1.11.10 - Prototype Pollution via deepCopy Method

CVE-2020-10257 CRITICAL

ThemeREX Addons < 2020-03-09 - Unauthenticated Remote Code Execution via REST API Endpoint

CVE-2020-9530 MEDIUM

MIUI Firmware - Information Disclosure via GetApps Export Component

CVE-2020-8132 CRITICAL

pdf-image <= 2.0.0 - Remote Code Execution via Untrusted PDF File Path

CVE-2020-9406 CRITICAL

IBL Online Weather < 4.3.5 - Unauthenticated Code Injection via queryBCP Method

CVE-2020-8518 CRITICAL

Horde Groupware Webmail Edition <5.2.22 - Code Injection

CVE-2020-8129 CRITICAL

script-manager < 0.8.6 - Remote Code Execution via Unintended Require

CVE-2020-5529 HIGH

HtmlUnit < 2.37.0 - Remote Code Execution via Improper Rhino Engine Initialization

CVE-2020-8644 CRITICAL KEV

playsms < 1.4.3 - Unauthenticated Remote Code Execution via Template Injection

CVE-2020-6836 CRITICAL

hot-formula-parser < 3.0.1 - Remote Code Execution via Unsanitized Formula Input

CVE-2019-25468 CRITICAL

NetGain EM Plus 10.1.68 - Unauthenticated Remote Code Execution via script_test.jsp Content Parameter

CVE-2019-25262 LOW

elinicksic Razgover <db37dfc5c82f023a40f2f7834ded6633fb2b5262 - XSS

CVE-2019-8900 MEDIUM

Apple SecureROM - Unauthenticated Arbitrary Code Execution via DFU Mode Exploit

CVE-2019-16283 HIGH

HP SoftPaq Installer - Arbitrary Code Execution

CVE-2019-14827 MEDIUM

Moodle 3.5.0-3.5.7 - Cross-Site Scripting via Mustache Template Recursive Rendering

CVE-2019-20920 HIGH

Handlebars <3.0.8 & 4.x <4.5.3 - RCE

CVE-2019-7177 HIGH

Pexip Infinity <20.1 - Code Injection

CVE-2019-5997 CRITICAL

Panasonic Video Insight VMS < 7.5 - Remote Code Injection

CVE-2019-19089 MEDIUM

Hitachi Energy eSOMS 4.0-6.0.3 - Missing X-Content-Type-Options Header

CVE-2019-9163 CRITICAL

March Networks Command Client < 2.7.2 - Remote Code Execution via Crafted XAML Objects

CVE-2019-16108 HIGH

phpBB 3.2.7 - Cascading Style Sheets Injection via BBCode

CVE-2019-18582 HIGH

Dell EMC Data Protection Advisor <19.1-6.5 - Server-Side Template I...

Previous Page 161 of 262 Next

Details

Vulnerabilities 6,528

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy