CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,503 vulnerabilities with CWE-94
CVE-2024-53924 CRITICAL
Pycel through 1.0b30 - Remote Code Execution via Crafted Spreadsheet Formula
CVSS 9.8
CVE-2024-56518 CRITICAL
Hazelcast Management Center <6.0 - RCE
CVSS 9.8
CVE-2024-53303 HIGH
LRQA Nettitude PoshC2 <123db87 - RCE
CVSS 8.8
CVE-2024-50960 HIGH
Extron SMP 111 <=3.01, SMP 351/352 <=2.16, SME 211 <=3.02 - Authenticated Command Injection
CVSS 7.2
CVE-2024-13861 HIGH
Sophos Taegis Endpoint Agent < 1.3.10 - Local Code Injection via Debian Package Component
CVSS 7.8
CVE-2024-13645 CRITICAL
tagDiv Composer <5.3 - Code Injection
CVSS 9.8
CVE-2024-45199 HIGH
insightsoftware Hive JDBC <2.6.13 - RCE
CVSS 8.8
CVE-2024-45198 HIGH
insightsoftware Spark JDBC 2.6.21 - RCE
CVSS 8.8
CVE-2024-54807 CRITICAL
Netgear WNR854T 1.5.2 - OS Command Injection via AddPortMapping NewInternalClient Parameter
CVSS 9.8
CVE-2024-54806 CRITICAL
Netgear WNR854T 1.5.2 - OS Command Injection via cmd.cgi
CVSS 9.8
CVE-2024-54805 CRITICAL
Netgear WNR854T 1.5.2 - OS Command Injection via nvram get_email Parameter
CVSS 9.8
CVE-2024-54804 CRITICAL
Netgear WNR854T 1.5.2 - OS Command Injection via wan_hostname Parameter
CVSS 9.8
CVE-2024-54803 CRITICAL
Netgear WNR854T 1.5.2 - OS Command Injection via pppoe_peer_mac Parameter
CVSS 9.8
CVE-2024-13557 MEDIUM
Shortcodes by United Themes <5.1.6 - RCE
CVSS 6.5
CVE-2024-55964 CRITICAL
Appsmith < 1.52 - Authenticated Remote Code Execution via PostgreSQL Datasource Query
CVSS 9.8
CVE-2024-41643 MEDIUM
Arris NVG443B 9.3.0h3d36 - Authenticated Remote Code Execution via cshell Login Component
CVSS 6.8
CVE-2024-55028 CRITICAL
NASA Fprime 3.4.3 - Remote Code Execution via Crafted Vue File Upload
CVSS 9.8
CVE-2024-48818 CRITICAL
Bodhitree of cs101 - RCE
CVSS 9.8
CVE-2024-45480 CRITICAL
B&R APROL <4.4-00P5 - Code Injection
CVE-2024-9439 HIGH
SuperAGI - Remote Code Execution via Agent Template Update API
CVSS 8.8
CVE-2024-6982 HIGH
parisneo/lollms < 9.10 - Remote Code Execution via Calculate Function Sandbox Bypass
CVSS 8.4
CVE-2024-6825 HIGH
litellm < 1.65.4 - Remote Code Execution via Post Call Rules Callback Injection
CVSS 8.8
CVE-2024-12215 HIGH
kedro 0.19.8 - Remote Code Execution via setup.py in Micro Package Extraction
CVSS 8.8
CVE-2024-10954 HIGH
binary-husky gpt_academic - Remote Code Execution via Manim Plugin Prompt Injection
CVSS 8.8
CVE-2024-10950 HIGH
binary-husky/gpt_academic <= 3.83 - Remote Code Execution via CodeInterpreter Plugin Prompt Injection
CVSS 8.8