CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2024-10382 HIGH
androidx.car.app < 1.7.0-beta02 - Remote Code Execution via Untrusted Deserialization
CVSS 7.5
CVE-2024-10899 HIGH
WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & XSS via 'id' Parameter
CVSS 7.3
CVE-2024-48694 CRITICAL
Xi'an Daxi Information technology OfficeWeb365 <8.6.1.0 - File Upload
CVSS 9.8
CVE-2024-48070 CRITICAL
Weaver E-cology - Remote Code Execution via Malicious Request Injection
CVSS 9.8
CVE-2024-11038 HIGH
WPB Popup for Contact Form 7 < 1.7.5 - Unauthenticated Shortcode Execution
CVSS 7.3
CVE-2024-11036 HIGH
GamiPress < 7.1.6 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings AJAX Action
CVSS 7.3
CVE-2024-50804 HIGH
Micro-star International MSI Center Pro <2.1.37.0 - RCE
CVSS 7.8
CVE-2024-50919 CRITICAL
Jpress < 5.1.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via JSP File Construction
CVSS 9.8
CVE-2024-44757 HIGH
NUS-M9 ERP Mgmt <3.0.0 - Info Disclosure
CVSS 7.5
CVE-2024-52434 CRITICAL
Popup by Supsystic <= 1.10.29 - Remote Code Execution via Untrusted Data Deserialization
CVSS 9.1
CVE-2024-52427 CRITICAL
Saso Nikolov Event Tickets <2.3.11 - SSRF
CVSS 9.9
CVE-2024-48962 HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
CVSS 8.8
CVE-2024-47208 CRITICAL
Apache OFBiz <18.12.17 - SSRF/Code Injection
CVSS 9.8
CVE-2024-52945 HIGH
Veritas NetBackup < 10.5 - Unauthenticated DLL Hijacking via Social Engineering
CVSS 7.8
CVE-2024-9839 HIGH
Uix Slideshow < 1.6.5 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode
CVSS 7.3
CVE-2024-10262 MEDIUM
The Drop Shadow Boxes plugin <1.7.14 - RCE
CVSS 6.3
CVE-2024-44758 CRITICAL
NUS-M9 ERP Management Software <3.0.0 - Code Injection
CVSS 9.8
CVE-2024-11259 LOW
code-projects Farmacia 1.0 - Cross-Site Scripting in /fornecedores.php
CVSS 3.5
CVE-2024-51330 MEDIUM
UltiMaker Cura <= 5.8.1 - Remote Code Execution via IPC Mechanism
CVSS 4.4
CVE-2024-11247 LOW
SourceCodester Online Eyewear Shop 1.0 - Cross-Site Scripting via Inventory Page Brand Parameter
CVSS 3.5
CVE-2024-11246 LOW
Farmacia 1.0 - Cross-Site Scripting via nome/cpf/dataNascimento Parameters
CVSS 3.5
CVE-2024-11243 MEDIUM
code-projects Online Shop Store 1.0 - Cross-Site Scripting via /signup.php m2 Parameter
CVSS 4.3
CVE-2024-11240 LOW
ibWebAdmin <= 1.0.2 - Cross-Site Scripting via db_login_role Parameter
CVSS 3.5
CVE-2024-52393 CRITICAL
Podlove Podcast Publisher <4.1.15 - Info Disclosure
CVSS 9.1
CVE-2024-49362 HIGH
Joplin < 3.1 - Remote Code Execution via Unsanitized Mermaid Link Attributes
CVSS 7.7