Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,503 vulnerabilities with CWE-94

CVE-2024-48908 MEDIUM

lycheeverse/lychee-action < 2.0.2 - Code Injection via lychee-setup in action.yml

CVE-2024-37777 HIGH

Zoneland O2oa - Code Injection

CVE-2024-52786 CRITICAL

Anji-plus AJ-Report <1.4.2 - Auth Bypass

CVE-2024-41921 HIGH

Robot Operating System Noetic Ninjemys and earlier - Code Injection via rostopic echo --filter Option

CVE-2024-41148 HIGH

Robot Operating System Noetic Ninjemys and earlier - Code Injection via rostopic hz --filter Option

CVE-2024-39835 HIGH

Robot Operating System Noetic Ninjemys and earlier - Remote Code Execution via roslaunch Substitution Args

CVE-2024-39289 HIGH

Robot Operating System Noetic Ninjemys and earlier - Remote Code Execution via rosparam Angle Converter Eval Injection

CVE-2024-51768 HIGH

HPE AutoPass License Server <9.17 - RCE

CVE-2024-58258 HIGH

SugarCRM <13.0.4 and 14.x <14.0.1 - Server-Side Request Forgery via API Module Code Injection

CVE-2024-7650 MEDIUM

OpenText Directory Services <23.4 - Code Injection

CVE-2024-37743 CRITICAL

mmzdev KnowledgeGPT 0.0.5 - Remote Code Execution via Document Display Component

CVE-2024-51360 CRITICAL

Hospital Management System In PHP V4.0 - Remote Code Execution via Doctor Edit Profile

CVE-2024-13952 HIGH

ABB ASPECT-Enterprise NEXUS Series and MATRIX Series <= 3.* - Information Exposure via Predictable Filename

CVE-2024-9639 HIGH

ABB ASPECT, NEXUS, and MATRIX <= 3.08.03 - Compromised Admin Code Execution

CVE-2024-13929 HIGH

ABB ASPECT, NEXUS, and MATRIX <= 3.08.03 - Servlet Injection Code Execution

CVE-2024-13928 HIGH

ABB ASPECT-Enterprise NEXUS and MATRIX Series <= 3.08.03 - Authenticated SQL Injection

CVE-2024-54780 HIGH

pfSense CE < 2.8.0 and Plus < 25.03 - Authenticated Command Injection via OpenVPN Widget remipp Parameter

CVE-2024-24780 CRITICAL

Apache IoTDB 1.0.0-1.3.3 - Authenticated Remote Code Execution via UDF URI

CVE-2024-13793 HIGH

Wolmart < 1.8.11 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-13738 HIGH

The Motors - Car Dealer, Rental & Listing WordPress theme <5.6.65 -...

CVE-2024-13420 MEDIUM

G5Theme April Framework <5.1 - Authenticated Missing Authorization via AJAX Actions

CVE-2024-32499 MEDIUM

Newforma Project Center Server <2023.3.0.32259 - RCE

CVE-2024-13812 MEDIUM

Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-13808 HIGH

Xpro Elementor Addons - Pro <= 1.4.9 - Authenticated Remote Code Execution via Custom PHP Widget

CVE-2024-40446 CRITICAL

MimeTex < 1.77 - Remote Code Execution via Crafted Script

Previous Page 86 of 261 Next

Details

Vulnerabilities 6,503

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy