CWE-94
6,556 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVEs (6,556)
Columns: CVE, Vendors, Products, Updated, Published, CVSS
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, the /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gi...
Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds() method passes...
Lantronix (Eds5008 Firmware, Eds5016 Firmware, Eds5032 Firmware). Updated Jun 24, 2026; published Mar 11, 2026. CVSS v4 N/A, v3 9.8 CRITICAL, v2 N/A. An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authentication fails. The username is directly concatenated with the command without any sani...
Lantronix (Eds5008 Firmware, Eds5016 Firmware, Eds5032 Firmware). Updated Jun 17, 2026; published Mar 11, 2026. CVSS v4 N/A, v3 8.8 HIGH, v2 N/A. An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
Lantronix (Eds5008 Firmware, Eds5016 Firmware, Eds5032 Firmware). Updated Jun 23, 2026; published Mar 11, 2026. CVSS v4 N/A, v3 8.8 HIGH, v2 N/A. An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to missing sanitization of the file name parameter, an authenticated attacker can i...
Lantronix (Eds5008 Firmware, Eds5016 Firmware, Eds5032 Firmware). Updated Jun 23, 2026; published Mar 11, 2026. CVSS v4 N/A, v3 9.8 CRITICAL, v2 N/A. An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject ar...
Lantronix (Eds5008 Firmware, Eds5016 Firmware, Eds5032 Firmware). Updated Jun 23, 2026; published Mar 11, 2026. CVSS v4 N/A, v3 8.8 HIGH, v2 N/A. An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are exe...
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attac...
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-...
Schneider Electric (Ecostruxure Automation Expert). Updated Jun 23, 2026; published Mar 10, 2026. CVSS v4 7.2 HIGH, v3 8.2 HIGH, v2 N/A. CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the work...
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the syste...
Oretnom23 (Resort Reservation System). Updated Jun 17, 2026; published Mar 9, 2026. CVSS v4 2.0 LOW, v3 5.4 MEDIUM, v2 4.0 MEDIUM. A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manip...
Angeljudesuarez (Payroll Management System). Updated Jun 17, 2026; published Mar 9, 2026. CVSS v4 2.1 LOW, v3 6.1 MEDIUM, v2 5.0 MEDIUM. A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manage_employee_allowances.php. This manipulation of the argument ID causes cross site scripting....
Senior Walter (Web Based Pharmacy Product Management System). Updated Jun 17, 2026; published Mar 8, 2026. CVSS v4 2.0 LOW, v3 5.4 MEDIUM, v2 4.0 MEDIUM. A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname re...
Carmelo (Simple Flight Ticket Booking System). Updated Jun 17, 2026; published Mar 8, 2026. CVSS v4 2.1 LOW, v3 6.1 MEDIUM, v2 5.0 MEDIUM. A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possibl...
A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible t...
A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cross site scripting. It...
A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads to cross site script...