CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-41269	Unauthenticated remote code injection in cron-utils — cron-utils	10.0	Critical	2021-11-15
CVE-2021-24721	Loco Translate < 2.5.4 - Authenticated PHP Code Injection — Loco Translate	6.5	-	2021-11-08
CVE-2021-24537	Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution — Similar Posts – Best Related Posts Plugin for WordPress	7.2	-	2021-11-08
CVE-2021-38450	Trane Tracer Code Injection — Tracer SC	9.9	Critical	2021-10-27
CVE-2021-22961	GlassWire 代码注入漏洞 — GlassWire	9.8	-	2021-10-18
CVE-2021-24546	EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution — Gutenberg Block Editor Toolkit – EditorsKit	8.8	-	2021-10-11
CVE-2021-25470	Samsung SMR 安全漏洞 — Samsung Mobile Devices	7.9	High	2021-10-06
CVE-2021-22557	Code execution in SLO Generator via YAML Payload — SLO Generator	5.3	Medium	2021-10-04
CVE-2021-22952	UniFi Talk 代码注入漏洞 — UniFi Talk application	8.8	-	2021-09-23
CVE-2021-33693	SAP ERP 代码注入漏洞 — SAP Cloud Connector	7.2	-	2021-09-15
CVE-2021-32836	Pre-auth unsafe deserialization in ZStack — zstack	7.5	High	2021-09-09
CVE-2021-32834	Arbitrary Groovy script evaluation in Eclipse Keti — keti	8.2	High	2021-09-09
CVE-2021-32831	Code injection in total.js — framework	7.5	High	2021-08-30
CVE-2021-39159	Remote code execution in Binderhub — binderhub	9.6	Critical	2021-08-25
CVE-2021-39160	Code injection in nbgitpuller — nbgitpuller	9.6	Critical	2021-08-25
CVE-2021-39144	XStream is vulnerable to a Remote Command Execution attack — xstream	8.5	High	2021-08-23
CVE-2021-3615	Lenovo Smart Camera 代码注入漏洞 — Smart Camera X3, X5, and C2E firmware	6.6	Medium	2021-08-17
CVE-2021-32829	Post-authentication Remote Code Execution (RCE) in ZStack REST API — zstack	9.6	Critical	2021-08-17
CVE-2021-32809	Arbitrary HTML injection vulnerability in ckeditor — ckeditor4	4.6	Medium	2021-08-12
CVE-2021-37626	PHP file inclusion via insert tags — contao	7.2	High	2021-08-11
CVE-2021-37694	Code injection issue for java-spring-cloud-stream-template — java-spring-cloud-stream-template	8.7	High	2021-08-11
CVE-2021-36800	Akaunting OS Command Injection in 'Money.php' — Akaunting	8.7	High	2021-08-04
CVE-2021-32706	(Authenticated) Remote Code Execution Possible in Web Interface 5.5 — AdminLTE	7.6	High	2021-08-04
CVE-2021-24430	Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE — Speed Booster Pack ⚡ PageSpeed Optimization Suite	8.8	-	2021-08-02
CVE-2017-18113	Atlassian JIRA Server和Atlassian JIRA Data Center 代码注入漏洞 — Jira Server	8.8	-	2021-08-02
CVE-2021-1518	Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability — Cisco Firepower Threat Defense Software	6.3	Medium	2021-07-22
CVE-2021-1585	Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability — Cisco Adaptive Security Appliance (ASA) Software	7.5	High	2021-07-08
CVE-2021-25393	Samsung SMR 输入验证错误漏洞 — Samsung Mobile Devices	6.6	Medium	2021-06-11
CVE-2021-25415	Samsung Mobile RKP 输入验证错误漏洞 — Samsung Mobile Devices	5.5	-	2021-06-11
CVE-2021-25416	Samsung SMR 输入验证错误漏洞 — Samsung Mobile Devices	6.5	-	2021-06-11

Vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)) represent 1295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295