CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2024-12417 MEDIUM
WordPress Simple Link Directory <= 8.4.5 - Unauthenticated Shortcode Execution
CVSS 6.5
CVE-2024-55918 MEDIUM
Graphics::ColorNames < 3.2.0 - HTML Injection via Module Filename Ambiguity
CVSS 5.3
CVE-2024-55877 CRITICAL
XWiki 9.7-15.10.10 - Authenticated Remote Code Execution via WikiMacroClass Instance Injection
CVSS 9.9
CVE-2024-55662 CRITICAL
XWiki 3.3-15.10.8 - Unauthenticated Remote Code Execution via Extension Repository Application
CVSS 9.9
CVE-2024-21574 CRITICAL
Ltdrdata ComfyUI-Manager <= 2.51.1 - Remote Code Execution
CVSS 10.0
CVE-2024-12333 MEDIUM
Woodmart < 8.0.3 - Unauthenticated Arbitrary Shortcode Execution via woodmart_instagram_ajax_query AJAX Action
CVSS 6.5
CVE-2024-10910 HIGH
The Grid Plus - Unlimited < 1.3.5 - RCE
CVSS 7.3
CVE-2024-55660 CRITICAL
SiYuan < 3.1.16 - Server-Side Template Injection via Sprig Template Engine
CVSS 9.8
CVE-2024-54529 HIGH
macOS < 13.7.2, < 14.7.2, < 15.2 - Arbitrary Code Execution via Sandbox Escape
CVSS 7.8
CVE-2024-12536 LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting via client_data.php id Parameter
CVSS 3.5
CVE-2024-12503 LOW
ClassCMS 4.8 - Cross-Site Scripting via Model Management Page URL Parameter
CVSS 2.4
CVE-2024-42448 CRITICAL
Veeam Service Provider Console 8.1 - Management Agent Remote Code Execution
CVSS 9.9
CVE-2024-54152 CRITICAL
Angular Expressions < 1.4.3 - Remote Code Execution via Sandbox Escape
CVE-2024-10959 HIGH
The Active Products Tables for WooCommerce < 1.0.6.5 - RCE
CVSS 7.3
CVE-2024-12359 LOW
code-projects Admin Dashboard 1.0 - Cross-Site Scripting via Username Parameter in Vendor Management
CVSS 3.5
CVE-2024-55580 HIGH
Qlik Sense Enterprise for Windows < November 2024 IR - RCE
CVSS 7.5
CVE-2024-12350 MEDIUM
JFinalCMS 1.0 - Remote Code Execution via Template Handler Content Argument
CVSS 6.3
CVE-2024-12348 LOW
jpress 5.1.2 - Cross-Site Scripting in Attachment Upload Handler
CVSS 3.5
CVE-2024-12346 LOW
Talentera < 20241128 - Cross-Site Scripting via redirect_url Parameter
CVSS 3.5
CVE-2024-51815 CRITICAL
WP Sharks s2Member Pro < 241114 - Code Injection
CVSS 9.0
CVE-2024-21571 HIGH
Snyk Code Agent - Remote Code Execution
CVSS 8.1
CVE-2024-10771 HIGH
SICK InspectorP61x/InspectorP62x/TiM3xx - Remote Code Execution
CVSS 8.8
CVE-2024-10909 MEDIUM
Pojo Forms <= 1.4.7 - Authenticated Arbitrary Shortcode Execution via form_preview_shortcode AJAX Action
CVSS 6.3
CVE-2024-10681 MEDIUM
WordPress ARMember <= 4.0.51 - Subscriber Shortcode Execution
CVSS 6.3
CVE-2024-37862 HIGH
Open Robotic Robotic Operating System 2 - Buffer Overflow
CVSS 7.3