CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1296

1296 vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-4291	Frauscher FDS101 for FAdC/FAdCi remote code execution vulnerability — FDS101 for FAdC/FAdCi	9.8	Critical	2023-09-21
CVE-2023-0462	Arbitrary code execution through yaml global parameters — foreman	8.0	High	2023-09-20
CVE-2023-40221	Socomec MOD3GP-SY-120K Code Injection — MODULYS GP (MOD3GP-SY-120K)	8.8	High	2023-09-18
CVE-2023-34999	RTS VLink Virtual Matrix 命令注入漏洞 — VLink Virtual Matrix Software	8.4	High	2023-09-18
CVE-2023-4994	Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode — Allow PHP in Posts and Pages	9.9	Critical	2023-09-16
CVE-2023-4977	Code Injection in librenms/librenms — librenms/librenms	6.0	-	2023-09-15
CVE-2023-41892	Craft CMS Remote Code Execution vulnerability — cms	10.0	Critical	2023-09-13
CVE-2023-40621	Code Injection vulnerability in SAP PowerDesigner Client — SAP PowerDesigner Client	6.3	Medium	2023-09-12
CVE-2023-39956	Electron: Out-of-package code execution when launched with arbitrary cwd — electron	6.1	Medium	2023-09-06
CVE-2023-41319	Remote Code Execution in Custom Integration Upload in Fides — fides	8.8	High	2023-09-06
CVE-2023-37914	Privilege escalation (PR)/RCE from account through Invitation subject/message — xwiki-platform	9.9	Critical	2023-08-17
CVE-2023-40252	Genians Genian NAC 代码注入漏洞 — Genian NAC V4.0	6.0	Medium	2023-08-17
CVE-2023-20209	Cisco Expressway Series和Cisco TelePresence Video Communication Server 命令注入漏洞 — Cisco TelePresence Video Communication Server (VCS) Expressway	6.5	Medium	2023-08-16
CVE-2023-36923	Code Injection vulnerability in SAP PowerDesigner — SAP PowerDesigner	7.8	High	2023-08-08
CVE-2023-37470	Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint — metabase	10.0	Critical	2023-08-04
CVE-2023-4142	WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress	8.0	High	2023-08-04
CVE-2023-4141	WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress	8.0	High	2023-08-04
CVE-2023-3401	Improper Control of Generation of Code ('Code Injection') in GitLab — GitLab	4.8	Medium	2023-08-02
CVE-2023-36542	Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources — Apache NiFi	8.8	-	2023-07-29
CVE-2023-33229	SolarWinds Platform Incorrect Input Neutralization Vulnerability — SolarWinds Platform	3.5	Low	2023-07-26
CVE-2023-3519	Citrix ADC 和 Citrix Gateway 代码注入漏洞 — NetScaler ADC	9.8	Critical	2023-07-19
CVE-2023-34330	Code injection via Dynamic Redfish Extension interface — MegaRAC_SPx12	8.2	High	2023-07-18
CVE-2023-37466	vm2 Sandbox Escape vulnerability — vm2	9.8	Critical	2023-07-13
CVE-2023-37274	Python code execution sandbox escape in non-docker version in Auto-GPT — Auto-GPT	7.6	High	2023-07-13
CVE-2023-37273	Docker escape in Auto-GPT when running from docker-compose.yml included in git repo — Auto-GPT	8.1	High	2023-07-13
CVE-2023-37582	Apache RocketMQ: Possible remote code execution when using the update configuration function — Apache RocketMQ	9.8	-	2023-07-12
CVE-2023-37199	Schneider Electric StruxureWare Data Center Expert 代码注入漏洞 — StruxureWare Data Center Expert	6.8	Medium	2023-07-12
CVE-2023-37198	Schneider Electric StruxureWare Data Center Expert 代码注入漏洞 — StruxureWare Data Center Expert	6.8	Medium	2023-07-12
CVE-2023-24492	Citrix Systems Secure Access 代码注入漏洞 — Citrix Secure Access client for Ubuntu	9.6	Critical	2023-07-11
CVE-2023-35333	MediaWiki PandocUpload Extension Remote Code Execution Vulnerability — PandocUpload	8.8	High	2023-07-11

Vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)) represent 1296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1296