CWE-94
6,556 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVEs (6,556)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. |
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This d... |
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. |
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially craf... |
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is due to missing capabil... |
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd. |
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module. |
Vendors: 1 Jon Remus Sevellejo; Products: 1 Personnel Property Equipment System; Updated: Jun 17, 2026; Published: Mar 2, 2026; CVSS: N/A (v4), 7.2 HIGH (v3), N/A (v2). sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php. |
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities. |
Vendors: 1 Angeljudesuarez; Products: 1 University Management System; Updated: Jun 17, 2026; Published: Mar 2, 2026; CVSS: 2.1 LOW (v4), 6.1 MEDIUM (v3), 5.0 MEDIUM (v2). A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attac... |
A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint... |
Vendors: 1 Phpgurukul; Products: 1 Student Record System; Updated: Jun 17, 2026; Published: Mar 2, 2026; CVSS: 1.9 LOW (v4), 4.8 MEDIUM (v3), 3.3 LOW (v2). A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Subject 1 results in cr... |
Vendors: 1 Phpgurukul; Products: 1 Student Record System; Updated: Jun 17, 2026; Published: Mar 2, 2026; CVSS: 1.9 LOW (v4), 4.8 MEDIUM (v3), 3.3 LOW (v2). A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Na... |
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a... |
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code ex... |
Vendors: 1 Johnsoncontrols; Products: 1 Frick Controls Quantum Hd Firmware; Updated: Jun 17, 2026; Published: Feb 27, 2026; CVSS: 8.8 HIGH (v4), 9.8 CRITICAL (v3), N/A (v2). Unauthenticated Remote Code Execution, i.e., Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in c... |
Vendors: 1 Johnsoncontrols; Products: 1 Frick Controls Quantum Hd Firmware; Updated: Jun 17, 2026; Published: Feb 27, 2026; CVSS: 8.8 HIGH (v4), 9.8 CRITICAL (v3), N/A (v2). Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected ac... |
Vendors: 1 Johnsoncontrols; Products: 1 Frick Controls Quantum Hd Firmware; Updated: Jun 17, 2026; Published: Feb 27, 2026; CVSS: 8.8 HIGH (v4), 9.8 CRITICAL (v3), N/A (v2). Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected ac... |
Vendors: 1 Remyandrade; Products: 1 Doctor Appointment System; Updated: Jun 17, 2026; Published: Feb 27, 2026; CVSS: 2.1 LOW (v4), 6.1 MEDIUM (v3), 5.0 MEDIUM (v2). A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of th... |
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component.