Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,530 vulnerabilities with CWE-94

CVE-2018-16343 HIGH

SeaCMS 6.61 - Remote Code Execution via parseIf() GLOBALS Bypass

CVE-2018-6499 HIGH

Microfocus Data Center Automation - Code Injection

CVE-2018-6498 HIGH

Microfocus Data Center Automation - Code Injection

CVE-2018-15728 HIGH

Couchbase Server <=5.5.1 Authenticated RCE via /diag/eval

CVE-2018-3784 CRITICAL

cryo 0.0.6 - Remote Code Execution via Insecure Deserialization

CVE-2018-8346 HIGH

Windows 7 and Server 2008 - Remote Code Execution via LNK File Processing

CVE-2018-8345 HIGH

Windows - Remote Code Execution via LNK File Processing

CVE-2018-8344 HIGH

Windows - Remote Code Execution via Embedded Font Handling

CVE-2018-14716 HIGH

nystudio107 SEOmatic < 3.1.4 - Server-Side Template Injection via Canonical URL Generation

CVE-2018-14910 HIGH

SeaCMS v6.61 - Remote Code Execution via IP Address Field

CVE-2018-7748 HIGH

ServiceNow <Jakarta Patch 8 - Code Injection

CVE-2018-14579 CRITICAL

GolemCMS < 2008-12-24 - Remote Code Execution via Install Table Prefix Field

CVE-2018-1999023 HIGH

The Battle for Wesnoth Project <1.7.0-1.14.3 - Code Injection

CVE-2018-1999022 CRITICAL

PEAR HTML_QuickForm <3.2.14 - Code Injection

CVE-2018-1999019 CRITICAL

Chamilo LMS <11.x - Unauthenticated RCE

CVE-2018-14421 HIGH

SeaCMS v6.61 - Remote Code Execution via Movie Picture Address

CVE-2018-7602 CRITICAL KEV

Drupal 7.x < 7.59 - Remote Code Execution

CVE-2018-14399 CRITICAL

PHPCMS 9.6.0 - Remote Code Execution via Malicious File Upload

CVE-2018-8284 HIGH

.NET Framework - Remote Code Execution via Improper Input Validation

CVE-2018-2427 HIGH

SAP BusinessObjects Business Intelligence Suite 4.10-4.20 - Code Injection

CVE-2018-13818 CRITICAL

symfony/twig < 2.4.4 - Server-Side Template Injection via search_key Parameter

CVE-2018-3608 CRITICAL

Trend Micro Antivirus+ Security < 12.0.1191 - Code Injection via User-Mode Hooking Driver

CVE-2018-13043 CRITICAL

Debian devscripts < 2.18.3 - Remote Code Execution via Unsafe YAML Loading

CVE-2018-12995 HIGH

OneFileCMS < 2012-04-14 - Remote Code Execution via Upload Screen

CVE-2018-12994 HIGH

OneFileCMS < 2012-04-14 - Remote Code Execution via New File Upload

Previous Page 170 of 262 Next

Details

Vulnerabilities 6,530

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy