Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,506 vulnerabilities with CWE-94

CVE-2024-40673 MEDIUM

Android Java ZipFile - Dynamic Code Loading Remote Code Execution

CVE-2024-13499 HIGH

GamiPress - Gamification <7.2.1 - RCE

CVE-2024-13495 HIGH

GamiPress < 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs

CVE-2024-49747 CRITICAL

Android Bluetooth GATT - Out-of-Bounds Write Remote Code Execution

CVE-2024-43771 HIGH

Android - Remote Code Execution via Missing Bounds Check in gatts_process_read_req

CVE-2024-43770 HIGH

Android - Remote Code Execution via Missing Bounds Check in gatts_process_find_info

CVE-2024-24421 CRITICAL

Magma <= 1.8.0 - Remote Code Execution via NAS Packet Type Confusion

CVE-2024-51941 HIGH

Ambari - Authenticated Code Injection

CVE-2024-42936 CRITICAL

Ruijie RG-EW300N - ReyeeOS 1.300.1422 - RCE

CVE-2024-55504 MEDIUM

RAR Extractor - Unarchiver Free and Pro <6.4.0 - Code Injection

CVE-2024-10970 MEDIUM

Motors - Car Dealer, Classifieds & Listing < 1.4.43 - Authenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-27856 HIGH

Apple Safari and OSes - File Processing Arbitrary Code Execution

CVE-2024-42911 HIGH

ECOVACS Robotics Deebot T20 OMNI & T20e OMNI <1.24.0 - RCE

CVE-2024-49375 CRITICAL

Rasa < 3.6.21 and Rasa-Pro < 3.10.12 - Remote Code Execution via Malicious Model Deserialization

CVE-2024-53561 HIGH

Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 - RCE

CVE-2024-57487 MEDIUM

Car Rental System 1.0 File Upload RCE (Authenticated)

CVE-2024-54999 MEDIUM

MonicaHQ 4.1.2 - Client-Side Injection via Last Name Parameter

CVE-2024-9132 HIGH

Arista ng_firewall < 17.1.1 - Authenticated Code Injection via Captive Portal Script

CVE-2024-54997 MEDIUM

MonicaHQ v4.1.1 - Authenticated Client-Side Injection via Journal Entry Text Field

CVE-2024-54996 HIGH

MonicaHQ 4.1.2 - Authenticated Client-Side Injection via Reminder Title and Description Parameters

CVE-2024-54724 CRITICAL

PHPYun < 7.0.2 - Remote Code Execution via Arbitrary File Write and Inclusion

CVE-2024-13213 LOW

SingMR HouseRent 1.0 - Cross-Site Scripting via /toAdminUpdateHousePage hID Parameter

CVE-2024-13209 LOW

Redaxo CMS 5.18.1 - Cross-Site Scripting via Article Name Parameter

CVE-2024-13205 LOW

kurniaramadhan E-Commerce-PHP 1.0 - Stored Cross-Site Scripting via Create Product Page Name Parameter

CVE-2024-13202 LOW

wander-chu SpringBoot-Blog 1.0 - XSS

Previous Page 90 of 261 Next

Details

Vulnerabilities 6,506

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy