Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1296

1296 vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2023-50260 Wazuh's vulnerability in host_deny AR script allows arbitrary command execution — wazuh 8.8 High2024-04-19
CVE-2024-32599 WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability — WP Dummy Content Generator 10.0 Critical2024-04-18
CVE-2024-21508 mysql2 安全漏洞 — mysql2 9.8 Critical2024-04-11
CVE-2024-2195 Remote Code Execution in aimhubio/aim — aimhubio/aim 9.8AICriticalAI2024-04-10
CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index — run-llama/llama_index 9.8AICriticalAI2024-04-10
CVE-2024-31864 Apache Zeppelin: Remote code execution by adding malicious JDBC connection string — Apache Zeppelin 9.8AICriticalAI2024-04-09
CVE-2023-45590 Fortinet FortiClient 代码注入漏洞 — FortiClientLinux 9.4 Critical2024-04-09
CVE-2024-25706 HTMLi at createFolder Content Injection — Portal for ArcGIS 6.1 Medium2024-04-04
CVE-2024-24707 WordPress Cwicly plugin <= 1.4.0.2 - Auth. Remote Code Execution (RCE) vulnerability — Cwicly 9.9 Critical2024-04-03
CVE-2024-25096 WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability — Canto 10.0 Critical2024-04-03
CVE-2024-25918 WordPress InstaWP Connect plugin <= 0.1.0.8 - Remote Code Execution vulnerability — InstaWP Connect 8.8 -2024-04-03
CVE-2024-27191 WordPress Slivery Extender plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability — Slivery Extender 9.8 -2024-04-03
CVE-2024-27972 WordPress WP Fusion Lite plugin <= 3.41.24 - Remote Code Execution (RCE) vulnerability — WP Fusion Lite 9.8 -2024-04-03
CVE-2024-31380 WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability — Oxygen Builder 9.9 Critical2024-04-03
CVE-2024-31390 WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability — Breakdance 9.9 Critical2024-04-03
CVE-2024-29202 JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery — jumpserver 10.0 Critical2024-03-29
CVE-2024-29201 JumpServer's insecure Ansible playbook validation leads to RCE in Celery — jumpserver 10.0 Critical2024-03-29
CVE-2024-0400 Hitachi Energy MACH System Software 安全漏洞 — MACH SCM 7.5 High2024-03-27
CVE-2024-0866 Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection — Check & Log Email – Easy Email Testing & Mail logging 8.1 High2024-03-26
CVE-2024-28119 Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler — grav 8.8 High2024-03-21
CVE-2024-28118 Grav vulnerable to Server Side Template Injection (SSTI) — grav 8.8 High2024-03-21
CVE-2024-28117 Grav vulnerable to Server Side Template Injection (SSTI) — grav 8.8 High2024-03-21
CVE-2024-28116 Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass — grav 8.8 High2024-03-21
CVE-2024-28848 SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata — OpenMetadata 8.8 High2024-03-15
CVE-2024-28847 SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata — OpenMetadata 8.8 High2024-03-15
CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata — OpenMetadata 9.4 Critical2024-03-15
CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection — raspap-webgui 4.7 Medium2024-03-15
CVE-2024-0917 paddlepaddle 代码注入漏洞 — paddlepaddle/paddle 8.1AIHighAI2024-03-07
CVE-2024-2016 ZhiCms setcontroller.php index code injection — ZhiCms 6.3 Medium2024-02-29
CVE-2023-50379 Apache Ambari: authenticated users could perform command injection to perform RCE — Apache Ambari 9.9 -2024-02-27

Vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)) represent 1296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.