Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,503 vulnerabilities with CWE-94

CVE-2024-10572 HIGH

h2o 3.46.0.1 - Denial of Service via XGBoostLibExtractTool in run_tool Command

CVE-2024-10252 HIGH

langgenius/dify <=v0.9.1 - Code Injection

CVE-2024-57061 CRITICAL

Termius 9.9.0-9.16.0 - Arbitrary Code Execution via Insecure Electron Fuses Configuration

CVE-2024-21760 HIGH

FortiSOAR 6.4.0-7.4.4 - Authenticated Code Injection via Playbook Code Snippet

CVE-2024-54448 HIGH

LogicalDOC < 9.1 - Authenticated Remote Code Execution via Automation Scripting

CVE-2024-29409 MEDIUM

nestjs/nest 10.3.2 - Remote Code Execution via Content-Type Header

CVE-2024-13895 MEDIUM

Code Snippets CPT < 2.1.0 - Authenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-13890 HIGH

Allow PHP Execute <= 1.0 - Authenticated PHP Code Injection via Unfiltered HTML

CVE-2024-42733 CRITICAL

Docmosis Tornado < 2.9.7 - Remote Code Execution via UNC Path Input

CVE-2024-53693 HIGH

QNAP QTS and QuTS hero - CRLF Injection

CVE-2024-50405 MEDIUM

QNAP OS <5.2.3.3006 - CRLF Injection

CVE-2024-13902 LOW

huang-yk student-manage 1.0 - Cross-Site Scripting via Class Parameter

CVE-2024-13815 MEDIUM

Listingo <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-50707 CRITICAL

Uniguest Tripleplay < 24.2.1 - Unauthenticated Remote Code Execution via X-Forwarded-For Header

CVE-2024-50704 CRITICAL

Uniguest Tripleplay < 24.2.1 - Unauthenticated Remote Code Execution via HTTP POST Request

CVE-2024-53386 MEDIUM

stage.js < 0.8.10 - DOM Clobbering and Cross-Site Scripting via document.currentScript Shadowing

CVE-2024-53382 MEDIUM

PrismJS < 1.29.0 - DOM Clobbering and Cross-Site Scripting via document.currentScript Shadowing

CVE-2024-13806 MEDIUM

The Authors List plugin <2.0.6 - RCE

CVE-2024-53944 CRITICAL

Tuoshi/Dionlink LT15D/LT21B - Command Injection

CVE-2024-9285 MEDIUM

Via Browser <= 5.9.0 - Cross-Site Scripting via JavaScript Bridge

CVE-2024-52925 MEDIUM

OPSWAT MetaDefender Kiosk <4.7.0 - RCE

CVE-2024-47051 CRITICAL

Mautic < 5.2.3 - Authenticated Remote Code Execution and Path Traversal via Asset Upload

CVE-2024-13900 MEDIUM

Head, Footer and Post Injections <= 3.3.0 - Authenticated PHP Code Injection

CVE-2024-54756 CRITICAL

GZDoom 4.13.1 - Remote Code Execution via Crafted PK3 ZScript File

CVE-2024-57401 CRITICAL

Uniclare Student Portal <2 - SQL Injection

Previous Page 88 of 261 Next

Details

Vulnerabilities 6,503

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy