CWE-94 (Improper Control of Generation of Code ('Code Injection')) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2805 | ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution — ORDER POST | 7.3 | High | 2025-04-10 |
| CVE-2025-2809 | azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution — azurecurve Shortcodes in Comments | 7.3 | High | 2025-04-10 |
| CVE-2025-31330 | Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform) — SAP Landscape Transformation (Analysis Platform) | 9.9 | Critical | 2025-04-08 |
| CVE-2025-30013 | Code Injection vulnerability in SAP ERP BW Business Content — SAP ERP BW Business Content | 6.7 | Medium | 2025-04-08 |
| CVE-2025-27429 | Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise) — SAP S/4HANA (Private Cloud) | 9.9 | Critical | 2025-04-08 |
| CVE-2025-23186 | Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAP | 8.5 | High | 2025-04-08 |
| CVE-2024-13645 | TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation — tagDiv Composer | 9.8 | Critical | 2025-04-04 |
| CVE-2025-3164 | Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection — SuperSonic | 4.7 | Medium | 2025-04-03 |
| CVE-2025-3163 | InternLM LMDeploy conf.py open code injection — LMDeploy | 5.3 | Medium | 2025-04-03 |
| CVE-2025-30580 | WordPress DigiWidgets Image Editor plugin <= 1.10 - Remote Code Execution (RCE) Vulnerability — DigiWidgets Image Editor | 10.0 | Critical | 2025-04-01 |
| CVE-2025-30911 | WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability — RTMKit | 9.9 | Critical | 2025-04-01 |
| CVE-2024-13557 | Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution — Shortcodes by United Themes | 6.5 | Medium | 2025-03-29 |
| CVE-2025-2803 | So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution — So-Called Air Quotes | 7.3 | High | 2025-03-29 |
| CVE-2025-30067 | Apache Kylin: The remote code execution via jdbc url — Apache Kylin | 9.8 (AI) | Critical (AI) | 2025-03-27 |
| CVE-2025-2867 | Improper Control of Generation of Code ('Code Injection') in GitLab — GitLab | 4.4 | Medium | 2025-03-27 |
| CVE-2025-28893 | WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability — Visual Text Editor | 9.9 | Critical | 2025-03-26 |
| CVE-2024-45480 | Unauthorized local file reading in B&R APROL — B&R APROL | 9.1 (AI) | Critical (AI) | 2025-03-25 |
| CVE-2025-2303 | Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution — Block Logic – Full Block Display Control | 8.8 | High | 2025-03-22 |
| CVE-2024-12215 | Remote Code Execution in kedro-org/kedro — kedro-org/kedro | 9.8 | - | 2025-03-20 |
| CVE-2024-6825 | Remote Code Execution in BerriAI/litellm — berriai/litellm | 9.8 | - | 2025-03-20 |
| CVE-2024-10954 | Prompt Injection Leading to RCE in binary-husky/gpt_academic Plugin `manim` — binary-husky/gpt_academic | 8.0 | - | 2025-03-20 |
| CVE-2024-10252 | Code Injection in langgenius/dify — langgenius/dify | 9.8 | - | 2025-03-20 |
| CVE-2024-10950 | Code Injection in binary-husky/gpt_academic — binary-husky/gpt_academic | 9.8 | - | 2025-03-20 |
| CVE-2024-9439 | Remote Code Execution in transformeroptimus/superagi — transformeroptimus/superagi | 9.8 | - | 2025-03-20 |
| CVE-2024-6982 | Remote Code Execution in Calculate Function in parisneo/lollms — parisneo/lollms | 9.8 | - | 2025-03-20 |
| CVE-2024-10572 | Denial of Service and Arbitrary File Write in h2oai/h2o-3 — h2oai/h2o-3 | 9.1 | - | 2025-03-20 |
| CVE-2025-0185 | Pandas Query Injection in langgenius/dify — langgenius/dify | 9.8 | - | 2025-03-20 |
| CVE-2024-21760 | Fortinet FortiSOAR Code Injection Vulnerability — FortiSOAR | 7.7 | High | 2025-03-18 |
| CVE-2025-26924 | WordPress Ohio Theme Extra plugin <= 3.4.7 - Shortcode Injection vulnerability — Ohio Extra | 6.5 | Medium | 2025-03-15 |
| CVE-2024-54448 | Remote Code Execution (RCE) via Automation Scripting — LogicalDOC Community | 6.8 | - | 2025-03-14 |

1295 CVEs are classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.