Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-5082 HIGH

Sonatype Nexus Repository <2.15.1 - RCE

CVE-2024-40671 HIGH

Devmem Server < - Privilege Escalation

CVE-2024-11175 LOW

PublicCMS 5.202406.d - Cross-Site Scripting in Voting Management

CVE-2024-21541 HIGH

dom-iterator < 1.0.1 - Remote Code Execution via Function Constructor

CVE-2024-49048 HIGH

TorchGeo < 0.6.1 - Remote Code Execution

CVE-2024-11130 LOW

ZZCMS < 2023 - Cross-Site Scripting via /admin/msg.php Keyword Parameter

CVE-2024-11102 LOW

Hospital Management System 1.0 - Stored Cross-Site Scripting via Edit Doctor Name Parameter

CVE-2024-50636 CRITICAL

PyMOL 2.5.0 - Remote Code Execution via Malicious .PYM File

CVE-2024-46966 HIGH

Ikhgur mn.ikhgur.khotoch <1.0.42 - XSS

CVE-2024-46964 HIGH

All Video Downloader through 11.28 - Remote Code Execution via StartActivity Component

CVE-2024-46963 HIGH

Super Unlimited Video Downloader <5.1.9 - XSS

CVE-2024-46962 CRITICAL

Master Video Downloader through 2.0 - Remote Code Execution via SpeedMainAct Component

CVE-2024-46965 MEDIUM

Fast Video Downloader: Browser <1.6-RC1 - XSS

CVE-2024-11078 LOW

Job Recruitment 1.0 - Cross-Site Scripting via /register.php e/role Parameter

CVE-2024-11070 LOW

PublicCMS 5.202406.d - Cross-Site Scripting in Tag Type Handler via Name Argument

CVE-2024-10958 HIGH

WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Shortcode Execution via getshortcoderenderedfenodelay

CVE-2024-11050 LOW

Amttgroup Hibos < 3.0.3.151204 - Code Injection

CVE-2024-10640 HIGH

FOX - Currency Switcher Professional <1.4.2.2 - RCE

CVE-2024-10261 HIGH

The Paid Membership Subscriptions - WordPress <2.13.0 - RCE

CVE-2024-50808 HIGH

SeaCms 13.1 - Code Injection via Notify Variable in Admin Notify Module

CVE-2024-46961 HIGH

Inshot com.downloader.privatebrowser through 1.3.5 - Remote Code Execution via PrivateMainActivity

CVE-2024-46960 HIGH

ASD com.rocks.video.downloader <7.0.129 - XSS

CVE-2024-43425 HIGH

Moodle Remote Code Execution (CVE-2024-43425)

CVE-2024-51757 CRITICAL

happy-dom < 15.10.2 - Cross-Site Scripting via Script Tag Execution

CVE-2024-10263 HIGH

Tickera - WordPress Event Ticketing <3.5.4.4 - RCE

Previous Page 99 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy