CWE-94 (Improper Control of Generation of Code ('Code Injection')) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-6951 | simple-git<3.36.0 RCE vulnerability due to --config not being fixed — simple-git | 9.8 | Critical | 2026-04-25 |
| CVE-2026-41414 | Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml — skim | 7.4 | High | 2026-04-24 |
| CVE-2026-41137 | Flowise: Code Injection in CSVAgent leads to Authenticated RCE — Flowise | 8.8 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41138 | Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. — Flowise | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41246 | Contour: Lua code injection via Cookie Path Rewrite Policy — contour | 8.1 | High | 2026-04-23 |
| CVE-2026-39440 | WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability — FunnelFormsPro | 9.9 | Critical | 2026-04-23 |
| CVE-2026-3960 | Remote Code Execution in h2oai/h2o-3 — h2oai/h2o-3 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41229 | Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) — froxlor | 9.1 | Critical | 2026-04-23 |
| CVE-2026-41196 | Luanti has a mod security sandbox escape — luanti | 9.3 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41134 | Kiota: Code Generation Literal Injection — kiota | 9.8 (AI) | Critical (AI) | 2026-04-22 |
| CVE-2026-40911 | WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks — AVideo | 10.0 | Critical | 2026-04-21 |
| CVE-2026-40602 | hass-cli: Handling of user-supplied Jinja2 templates — home-assistant-cli | 5.6 | Medium | 2026-04-21 |
| CVE-2026-32613 | Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling — spinnaker | 10.0 | Critical | 2026-04-20 |
| CVE-2026-39918 | Vvveb < 1.0.8.1 Code Injection via Installation Endpoint — Vvveb | 9.8 | Critical | 2026-04-20 |
| CVE-2026-41282 | Nuclei security vulnerability — Nuclei | 4.0 | Medium | 2026-04-20 |
| CVE-2026-6603 | modelscope agentscope _python.py execute_shell_command code injection — agentscope | 7.3 | High | 2026-04-20 |
| CVE-2026-41242 | protobufjs has an arbitrary code execution issue — protobuf.js | 8.1 (AI) | High (AI) | 2026-04-18 |
| CVE-2026-40316 | OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow — BLT | 8.8 | High | 2026-04-15 |
| CVE-2026-1509 | Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution — Avada (Fusion) Builder | 5.4 | Medium | 2026-04-15 |
| CVE-2025-54550 | Apache Airflow: RCE by race condition in example_xcom dag — Apache Airflow | 8.8 | - | 2026-04-15 |
| CVE-2026-39842 | OpenRemote is Vulnerable to Expression Injection — openremote | 10.0 | Critical | 2026-04-14 |
| CVE-2026-2582 | Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution — Germanized for WooCommerce | 6.5 | Medium | 2026-04-14 |
| CVE-2026-40287 | PraisonAI has RCE via Automatic tools.py Import — PraisonAI | 8.4 | High | 2026-04-14 |
| CVE-2026-27675 | Code Injection vulnerability in SAP Landscape Transformation — SAP Landscape Transformation | 2.0 | Low | 2026-04-14 |
| CVE-2026-27674 | Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java) — SAP NetWeaver Application Server Java (Web Dynpro Java) | 6.1 | Medium | 2026-04-14 |
| CVE-2026-6125 | Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection — warm-flow | 6.3 | Medium | 2026-04-12 |
| CVE-2026-6110 | FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection — MetaGPT | 7.3 | High | 2026-04-12 |
| CVE-2026-40158 | PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai — PraisonAI | 8.6 | High | 2026-04-10 |
| CVE-2026-40156 | PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading — PraisonAI | 7.8 | High | 2026-04-10 |
| CVE-2026-5970 | FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection — MetaGPT | 7.3 | High | 2026-04-09 |

Vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')) account for 1295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.