Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,506 vulnerabilities with CWE-94

CVE-2024-13900 MEDIUM

Head, Footer and Post Injections <= 3.3.0 - Authenticated PHP Code Injection

CVE-2024-54756 CRITICAL

GZDoom 4.13.1 - Remote Code Execution via Crafted PK3 ZScript File

CVE-2024-57401 CRITICAL

Uniclare Student Portal <2 - SQL Injection

CVE-2024-13792 HIGH

WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution

CVE-2024-13689 MEDIUM

Uncode Core <= 2.9.1.6 - Authenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-13797 HIGH

PressMart Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution

CVE-2024-13346 HIGH

WordPress Avada <= 7.11.13 - Unauthenticated Shortcode Execution

CVE-2024-13345 HIGH

Avada Builder < 3.11.13 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-13814 MEDIUM

Global Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated Arbitrary Shortcode Execution

CVE-2024-10644 CRITICAL

Ivanti Connect Secure < 22.7R2.4 and Policy Secure < 22.7R1.3 - Authenticated Remote Code Execution via Code Injection

CVE-2024-27859 HIGH

Apple iOS iPadOS macOS tvOS visionOS watchOS < 17.4 14.4 17.4 1.1 10.4 - Remote Code Execution

CVE-2024-7425 MEDIUM

WP All Export Pro <= 1.9.1 - Authenticated Privilege Escalation via Arbitrary Option Update

CVE-2024-7419 HIGH

WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields

CVE-2024-57707 CRITICAL

DataEase v1 - Remote Code Execution via User Account and Password Components

CVE-2024-57609 HIGH

Kanaries Inc Pygwalker <0.4.9.9 - RCE

CVE-2024-55241 HIGH

LMM-As-Chatbot <commit 99c2c03 - RCE

CVE-2024-13487 HIGH

CURCY - Multi Currency for WooCommerce <2.2.5 - RCE

CVE-2024-57099 CRITICAL

ClassCMS 4.8 - Remote Code Execution via Model Management Classview Parameter

CVE-2024-12415 MEDIUM

AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-13472 HIGH

WooCommerce Product Table Lite <3.9.4 - RCE

CVE-2024-23921 HIGH

ChargePoint Home Flex Firmware - Unauthenticated Remote Code Execution via wlanapp Module

CVE-2024-23963 HIGH

Alpine Halo9 ilx-f509_firmware - Remote Code Execution via PBAP_DecodeVCARD Buffer Overflow

CVE-2024-11600 HIGH

WordPress Borderless <= 1.6.0 - Admin write_config Code Execution

CVE-2024-13453 HIGH

WordPress PirateForms <= 2.6.0 - Unauthenticated Shortcode Execution

CVE-2024-10001 HIGH

GitHub Enterprise Server - Code Injection

Previous Page 89 of 261 Next

Details

Vulnerabilities 6,506

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy