CWE-94
6,465 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVEs (6,465)
| CVE | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler be... | Adobe | Air, Air Sdk, Air Sdk & Compiler, +1 more | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 10.0 HIGH |
| Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler be... | Adobe | Air, Air Sdk, Air Sdk & Compiler, +1 more | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 10.0 HIGH |
| Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler be... | Adobe | Air, Air Sdk, Air Sdk & Compiler, +1 more | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 10.0 HIGH |
| Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, an... | Adobe | Air, Air Sdk, Air Sdk & Compiler, +1 more | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 10.0 HIGH |
| Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Offi... | Microsoft | Office Compatibility Pack, Office Word Viewer, Word | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 9.3 HIGH |
| Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Offi... | Microsoft | Office Compatibility Pack, Office Word Viewer, Word | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 9.3 HIGH |
| Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerabil... | Microsoft | Office Compatibility Pack, Office Word Viewer, Word | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 9.3 HIGH |
| Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote atta... | Microsoft | Windows 7, Windows 8, Windows 8.1, +6 more | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 10.0 HIGH |
| XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold a... | Microsoft | Windows 7, Windows 8, Windows 8.1, +6 more | May 6, 2026 | Nov 11, 2014 | v4 N/A, v3 N/A, v2 9.3 HIGH |
| The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to e... | Cisco | Rv120w, Rv120w Firmware, Rv180, +4 more | May 6, 2026 | Nov 7, 2014 | v4 N/A, v3 N/A, v2 9.0 HIGH |
| The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | | | | | |
| The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | Sap | Customer Relationship Management Internet Sales | May 6, 2026 | Nov 6, 2014 | v4 N/A, v3 N/A, v2 10.0 HIGH |
| SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | | | | | |
| Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | | | | | |
| The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. | | | | | |
| The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | | | | | |
| Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | | | | | |
| lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | | | | | |
| Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strin... | | | | | |
| Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative... | | | | | |