CWE-94
6,471 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVEs (6,471)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | | | | | | Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedO... |
| | 1: Microsoft | 1: Azure Real Time Operating System Guix Studio | May 29, 2025 | Aug 9, 2022 | v4: N/A · v3: 7.8 HIGH · v2: N/A | Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| | 1: Microsoft | 4: Visual Studio, Visual Studio 2017, Visual Studio 2019, +1 more | May 29, 2025 | Aug 9, 2022 | v4: N/A · v3: 8.8 HIGH · v2: N/A | Visual Studio Remote Code Execution Vulnerability |
| | 1: Microsoft | 1: Azure Site Recovery Vmware To Azure | May 29, 2025 | Aug 9, 2022 | v4: N/A · v3: 7.2 HIGH · v2: N/A | Azure Site Recovery Remote Code Execution Vulnerability |
| | 1: Microsoft | 10: Windows 10, Windows 11, Windows 7, +7 more | May 29, 2025 | Aug 9, 2022 | v4: N/A · v3: 8.1 HIGH · v2: N/A | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| | 1: Microsoft | 5: Windows 10, Windows 11, Windows Server 2016, +2 more | May 29, 2025 | Aug 9, 2022 | v4: N/A · v3: 8.1 HIGH · v2: N/A | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| | | | | | | Windows Network File System Remote Code Execution Vulnerability |
| | 1: Microsoft | 10: Windows 10, Windows 11, Windows 7, +7 more | May 29, 2025 | Aug 9, 2022 | v4: N/A · v3: 8.1 HIGH · v2: N/A | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| | 1: Microsoft | 10: Windows 10, Windows 11, Windows 7, +7 more | Jun 24, 2025 | Aug 9, 2022 | v4: N/A · v3: 7.5 HIGH · v2: N/A | Windows WebBrowser Control Remote Code Execution Vulnerability |
| | 1: Microsoft | 1: Azure Real Time Operating System Guix Studio | Jun 24, 2025 | Aug 9, 2022 | v4: N/A · v3: 7.8 HIGH · v2: N/A | Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| | | | | | | A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. |
| | | | | | | A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. |
| | | | | | | Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. |
| | | | | | | In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution |
| | | | | | | Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. |
| | 1: Atlassian | 2: Jira Data Center, Jira Server | Nov 21, 2024 | Aug 1, 2022 | v4: N/A · v3: 7.2 HIGH · v2: N/A | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attacker... |
| | | | | | | EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). |
| | 1: Ovarro | 8: Tbox Lt2 530 Firmware, Tbox Lt2 532 Firmware, Tbox Lt2 540 Firmware, +5 more | Apr 17, 2025 | Jul 28, 2022 | v4: N/A · v3: 9.8 CRITICAL · v2: N/A | The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. |
| | | | | | | In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible |
| | 2: Fedoraproject, Moodle | 2: Fedora, Moodle | Nov 21, 2024 | Jul 25, 2022 | v4: N/A · v3: 9.8 CRITICAL · v2: N/A | The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions o... |