Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-12841 MEDIUM

emlog < 2.4.1 - Cross-Site Scripting via /admin/tag.php Keyword Parameter

CVE-2024-56327 CRITICAL

pyrage 1.2.0-1.2.2 - Remote Code Execution via Malicious Plugin

CVE-2024-12729 HIGH

Sophos Firewall < 21.0.1 - Authenticated Remote Code Execution via User Portal

CVE-2024-12790 LOW

Hostel Management Site 1.0 - Cross-Site Scripting in room-details.php

CVE-2024-12789 MEDIUM

PbootCMS < 3.2.4 - Remote Code Execution via Tag Parameter in IndexController

CVE-2024-9154 HIGH

HMS Networks Ewon Flexy 205 <14.8s0 - Code Injection

CVE-2024-12783 LOW

Vehicle Management System 1.0 - Cross-Site Scripting via billaction.php Extra-Cost Parameter

CVE-2024-11740 HIGH

WordPress Download Manager <= 3.3.03 - Unauthenticated Shortcode Execution

CVE-2024-55505 HIGH

CodeAstro Complaint Management System 1.0 - Privilege Escalation via mess-view.php

CVE-2024-56145 CRITICAL KEV

Craft CMS Twig Template Injection RCE via FTP Templates Path

CVE-2024-36694 HIGH

OpenCart 4.0.2.3 - Server-Side Template Injection via Theme Editor Function

CVE-2024-56051 HIGH

VibeThemes WPLMS < 1.9.9.5 - Remote Code Execution

CVE-2024-12372 CRITICAL

Rockwell Automation Power Monitor 1000 - RCE/DoS

CVE-2024-21546 CRITICAL

unisharp/laravel-filemanager < 2.9.1 - Remote Code Execution via Mimetype and File Extension Manipulation

CVE-2024-55085 CRITICAL

GetSimple CMS CE 3.3.19 - Remote Code Execution via Template Editing Function

CVE-2024-37773 MEDIUM

Sunbird DCIM dcTrack 9.1.2 - Authenticated HTML Injection in Admin Screen

CVE-2024-12665 LOW

ruifang-tech Rebuild 3.8.5 - Stored Cross-Site Scripting in Task Comment Attachment Upload

CVE-2024-12664 LOW

ruifang-tech Rebuild 3.8.5 - Stored Cross-Site Scripting in Project Task Comment Handler

CVE-2024-56072 HIGH

FastNetMon Community Edition < 1.2.7 - Denial of Service via sFlow v5 Plugin

CVE-2024-55661 HIGH

Laravel Pulse < 1.3.1 - Authenticated Remote Code Execution via Livewire remember() Method

CVE-2024-21577 CRITICAL

ComfyUI-Ace-Nodes - Remote Code Execution via ACE_ExpressionEval Node

CVE-2024-21576 CRITICAL

ComfyUI-Bmad-Nodes - Code Injection

CVE-2024-11012 MEDIUM

The Notibar - Notification Bar for WordPress plugin <2.1.4 - RCE

CVE-2024-12421 MEDIUM

The Coupon Affiliates - Affiliate Plugin for WooCommerce <5.16.7.1 ...

CVE-2024-12420 MEDIUM

WordPress WPMobile.App <= 11.52 - Unauthenticated Shortcode Execution

Previous Page 94 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy