CWE-94 (Improper Control of Generation of Code ('Code Injection')) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2008 | abhiphile fermat-mcp eqn_chart.py eqn_chart code injection — fermat-mcp | 6.3 | Medium | 2026-02-06 |
| CVE-2026-1977 | isaacwasserman mcp-vegalite-server visualize_data eval code injection — mcp-vegalite-server | 6.3 | Medium | 2026-02-06 |
| CVE-2026-25481 | Langroid has WAF Bypass Leading to RCE in TableChatAgent — langroid | 9.1 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-24149 | NVIDIA Megatron-LM code injection vulnerability — Megatron-LM | 7.8 | High | 2026-02-03 |
| CVE-2026-25142 | SandboxJS Prototype Pollution -> Sandbox Escape -> RCE — SandboxJS | 10.0 | Critical | 2026-02-02 |
| CVE-2020-37052 | AirControl 1.4.2 - PreAuth Remote Code Execution — AirControl | 9.8 | Critical | 2026-01-30 |
| CVE-2026-25153 | @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks — backstage | 7.7 | High | 2026-01-30 |
| CVE-2026-25141 | Orval has a code injection via unsanitized x-enum-descriptions using JS comments — orval | 8.6 (AI) | High (AI) | 2026-01-30 |
| CVE-2025-62348 | Salt junos module uses an unsafe YAML loader which may allow unintended code execution — Salt | 7.8 | High | 2026-01-30 |
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile code injection vulnerability — Endpoint Manager Mobile | 9.8 | Critical | 2026-01-29 |
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile code injection vulnerability — Endpoint Manager Mobile | 9.8 | Critical | 2026-01-29 |
| CVE-2026-23830 | SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor — SandboxJS | 10.0 | Critical | 2026-01-27 |
| CVE-2026-24871 | Code injection in Minecraft-Rcon-Manage — Minecraft-Rcon-Manage | 9.8 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2026-24806 | Buffer Write Security Vulnerability in liuyueyi/quick-media — quick-media | 9.8 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2026-22709 | vm2 has a Sandbox Escape — vm2 | 9.8 | Critical | 2026-01-26 |
| CVE-2024-11976 | BuddyPress <= 14.3.3 - Unauthenticated Arbitrary Shortcode Execution — BuddyPress | 7.3 | High | 2026-01-23 |
| CVE-2025-67847 | Moodle: moodle: remote code execution via insufficient restore input validation | 8.8 | High | 2026-01-23 |
| CVE-2026-0771 | Langflow PythonFunction Code Injection Remote Code Execution Vulnerability — Langflow | 9.8 | - | 2026-01-23 |
| CVE-2026-0768 | Langflow code Code Injection Remote Code Execution Vulnerability — Langflow | 9.8 | - | 2026-01-23 |
| CVE-2026-0766 | Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability — Open WebUI | 8.8 | - | 2026-01-23 |
| CVE-2026-0761 | Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability — MetaGPT | 9.8 | - | 2026-01-23 |
| CVE-2025-69319 | WordPress Beaver Builder plugin <= 2.9.4.1 - Arbitrary Code Execution vulnerability — Beaver Builder | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-69001 | WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability — FluentForm | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-68015 | WordPress Event Tickets with Ticket Scanner plugin <= 2.8.5 - Remote Code Execution (RCE) vulnerability — Event Tickets with Ticket Scanner | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-67944 | WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability — Nelio AB Testing | 9.1 | Critical | 2026-01-22 |
| CVE-2026-22807 | vLLM affected by RCE via auto_map dynamic module loading during model initialization — vllm | 8.8 | High | 2026-01-21 |
| CVE-2026-22793 | 5ire vulnerable to Remote Code Execution (RCE) via ECharts — 5ire | 9.7 | Critical | 2026-01-21 |
| CVE-2021-47778 | GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection — My SMTP Contact Plugin | 7.2 (AI) | High (AI) | 2026-01-21 |
| CVE-2021-47770 | OpenPLC 3 - Remote Code Execution — OpenPLC | 8.8 | High | 2026-01-21 |
| CVE-2026-20045 | Cisco Unified Communications Products Remote Code Execution Vulnerability — Cisco Unified Communications Manager | 8.2 | High | 2026-01-21 |

Vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')) represent 1295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.