CWE-94 (Improper Control of Generation of Code ('Code Injection')) — Vulnerability Class 1296

1296 vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-5565 | Prompt Injection in "ask" API with visualization leads to RCE | 8.1 | High | 2024-05-31 |
| CVE-2024-3924 | Code Injection in huggingface/text-generation-inference — huggingface/text-generation-inference | 8.8 (AI) | High (AI) | 2024-05-30 |
| CVE-2024-35226 | PHP Code Injection by malicious attribute in extends-tag in Smarty — smarty | 7.3 | High | 2024-05-28 |
| CVE-2024-5407 | Code Injection vulnerability in RhinOS from SaltOS — RhinOS | 10.0 | Critical | 2024-05-27 |
| CVE-2024-4037 | WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution — WP Photo Album Plus | 6.5 | Medium | 2024-05-24 |
| CVE-2024-0867 | Email Log <= 2.4.8 - Unauthenticated Hook Injection — Email Log | 8.1 | High | 2024-05-24 |
| CVE-2024-4662 | Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution — Oxygen Builder | 8.8 | High | 2024-05-23 |
| CVE-2024-4261 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — Lead Form Builder & Contact Form | 5.4 | Medium | 2024-05-22 |
| CVE-2024-4264 | Remote Code Execution in berriai/litellm — berriai/litellm | 9.8 | - | 2024-05-18 |
| CVE-2024-33644 | WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability — Customify Site Library | 9.9 | Critical | 2024-05-17 |
| CVE-2023-23645 | WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability — MainWP Code Snippets Extension | 9.9 | Critical | 2024-05-17 |
| CVE-2024-4181 | Command Injection in run-llama/llama_index — run-llama/llama_index | 9.8 (AI) | Critical (AI) | 2024-05-16 |
| CVE-2024-4202 | Progress Telerik Reporting Local Instantiation Vulnerability — Telerik Reporting | 7.7 | High | 2024-05-15 |
| CVE-2024-3892 | Local code execution vulnerability in Telerik UI for WinForms — Telerik UI for WinForms | 7.2 | High | 2024-05-15 |
| CVE-2024-3319 | Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints — Identity Security Cloud | 9.1 | Critical | 2024-05-15 |
| CVE-2024-4144 | Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution — Simple Basic Contact Form | 6.5 | Medium | 2024-05-14 |
| CVE-2024-4039 | Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution — Orders Tracking for WooCommerce | 6.5 | Medium | 2024-05-10 |
| CVE-2024-4038 | Back In Stock Notifier for WooCommerce \| WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution — Back In Stock Notifier for WooCommerce \| WooCommerce Waitlist Pro | 6.5 | Medium | 2024-05-09 |
| CVE-2024-4605 | Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution — Breakdance | 8.8 | High | 2024-05-09 |
| CVE-2024-4135 | WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — WP Latest Posts | 5.4 | Medium | 2024-05-08 |
| CVE-2023-35701 | Apache Hive: Arbitrary command execution via JDBC driver — Apache Hive | 8.8 (AI) | High (AI) | 2024-05-03 |
| CVE-2023-39469 | PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability — NG | 8.8 | - | 2024-05-03 |
| CVE-2024-3734 | FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution — FOX – Currency Switcher Professional for WooCommerce | 6.5 | Medium | 2024-05-02 |
| CVE-2024-3957 | Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | 6.5 | Medium | 2024-05-02 |
| CVE-2024-3955 | Arbitrary code execution in CraftBeerPi 4 — CraftBeerPi 4 | 9.8 | - | 2024-05-02 |
| CVE-2024-31266 | WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability — Advanced Order Export For WooCommerce | 9.1 | Critical | 2024-04-25 |
| CVE-2024-22144 | WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability — Anti-Malware Security and Brute-Force Firewall | 9.0 | Critical | 2024-04-25 |
| CVE-2024-20359 | Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 6.0 | Medium | 2024-04-24 |
| CVE-2024-21511 | mysql2 security vulnerability — mysql2 | 9.8 | Critical | 2024-04-23 |
| CVE-2024-29991 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability — Microsoft Edge (Chromium-based) | 5.0 | Medium | 2024-04-19 |

Vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')) represent 1296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.