CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1296

1296 vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-1885	Remote Code Execution attack on LG Signage — LG Signage	6.3	Medium	2024-02-26
CVE-2024-1705	Shopwind Installation DefaultController.php actionCreate code injection — Shopwind	5.6	Medium	2024-02-21
CVE-2023-51770	Apache DolphinScheduler: Arbitrary File Read Vulnerability — Apache DolphinScheduler	7.5^AI	High^AI	2024-02-20
CVE-2023-49109	Remote Code Execution in Apache Dolphinscheduler — Apache DolphinScheduler	9.8^AI	Critical^AI	2024-02-20
CVE-2023-52381	Huawei EMUI 安全漏洞 — HarmonyOS	9.4^AI	Critical^AI	2024-02-18
CVE-2024-21378	Microsoft Outlook Remote Code Execution Vulnerability — Microsoft Office 2019	8.8	High	2024-02-13
CVE-2024-21351	Windows SmartScreen Security Feature Bypass Vulnerability — Windows 11 Version 23H2	7.6	High	2024-02-13
CVE-2024-22131	Code Injection vulnerability in SAP ABA (Application Basis) — SAP ABA (Application Basis)	9.1	Critical	2024-02-13
CVE-2024-25110	Azure IoT Platform Device SDK Remote Code Execution Vulnerability — azure-uamqp-c	9.8	Critical	2024-02-12
CVE-2023-45735	Westermo Lynx Code Injection — Lynx	8.0	High	2024-02-06
CVE-2023-6846	File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload — File Manager Pro	8.8	High	2024-02-05
CVE-2023-6996	Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection — Display custom fields in the frontend – Post and User Profile Fields	8.8	High	2024-02-05
CVE-2021-22282	RCE in B&R Automation Studio with crafted project files — Automation Studio	8.3	High	2024-02-02
CVE-2024-0325	Command Injection in Helix Sync — Sync	3.6	Low	2024-02-01
CVE-2024-1117	openBI Screen.php index code injection — openBI	7.3	High	2024-01-31
CVE-2024-21649	Remote code execution — vantage6	8.8	High	2024-01-30
CVE-2024-1015	Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 — E-DDC3.3	9.8	Critical	2024-01-29
CVE-2023-31037	NVIDIA BMC 操作系统命令注入漏洞 — Bluefield 2 DPU BMC, BlueField 3 DPU BMC	7.2	High	2024-01-24
CVE-2024-0521	Code Injection in paddlepaddle/paddle — paddlepaddle/paddle	9.8	-	2024-01-20
CVE-2024-0738	个人开源 mldong DecisionModel.java ExpressionEngine code injection — mldong	6.3	Medium	2024-01-19
CVE-2023-6548	Citrix Systems ADC and NetScaler Gateway 代码注入漏洞 — NetScaler ADC	5.5	Medium	2024-01-17
CVE-2021-4434	Social Warfare <= 3.5.2 - Remote Code Execution — Social Sharing Plugin – Social Warfare	10.0	Critical	2024-01-17
CVE-2024-0252	Remote code execution — ADSelfService Plus	8.8	High	2024-01-11
CVE-2024-21643	Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability — azure-activedirectory-identitymodel-extensions-for-dotnet	7.1	High	2024-01-10
CVE-2024-21737	Code Injection vulnerability in SAP Application Interface Framework (File Adapter) — SAP Application Interface Framework (File Adapter)	8.4	High	2024-01-09
CVE-2024-21646	Azure IoT Platform Device SDK Remote Code Execution Vulnerability — azure-uamqp-c	9.8	Critical	2024-01-09
CVE-2023-6540	Lenovo Browser 代码注入漏洞 — Lenovo Browser Mobile	6.5	Medium	2024-01-03
CVE-2023-51784	Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager — Apache InLong	9.8^AI	Critical^AI	2024-01-03
CVE-2023-41783	Command Injection Vulnerability of ZTE's ZXCLOUD iRAI — ZXCLOUD iRAI	4.3	Medium	2024-01-03
CVE-2024-0196	Magic-Api code injection — Magic-Api	6.3	Medium	2024-01-02

Vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)) represent 1296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1296