VYPR

CWE-94

Improper Control of Generation of Code ('Code Injection')

Abstraction: Base · Status: Draft · Likelihood of Exploit: Medium

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-242 · CAPEC-35 · CAPEC-77

CVEs mapped to this weakness (4,701)

page 25 of 236
  • CVE-2026-45495 · High · May 18, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2021-47964 · High · May 15, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the…

  • CVE-2025-15024 · High · May 14, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System:…

  • CVE-2026-44295 · High · May 13, 2026
    risk 0.57 · CVSS 8.7 · EPSS 0.00

    protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain…

  • CVE-2026-44293 · High · May 13, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a…

  • CVE-2026-8429 · High · May 12, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security…

  • CVE-2026-41094 · High · May 12, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

  • CVE-2026-31233 · Critical · May 12, 2026
    risk 0.57 · CVSS 9.8 · EPSS 0.01

    Guardrails AI through 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified…

  • CVE-2026-31225 · High · May 12, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    The superduper project through v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function to dynamically evaluate user-supplied query operands without proper sanitization…

  • CVE-2026-31217 · Critical · May 12, 2026
    risk 0.57 · CVSS 9.8 · EPSS 0.00

    The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function…

  • CVE-2026-42603 · High · May 11, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target (privileged trigger) but checks out and executes code directly from the…

  • CVE-2022-50944 · High · May 10, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with…

  • CVE-2021-47939 · High · May 10, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with…

  • CVE-2021-47938 · High · May 10, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request…

  • CVE-2026-29202 · High · May 8, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.

  • CVE-2026-41507 · Critical · May 8, 2026
    risk 0.57 · CVSS 9.8 · EPSS 0.00

    math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled…

  • CVE-2026-25077 · High · May 8, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM…

  • CVE-2026-7841 · High · May 6, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to…

  • CVE-2023-54345 · High · May 5, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script…

  • CVE-2026-42238 · Critical · May 4, 2026
    risk 0.57 · CVSS 9.8 · EPSS 0.01

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated…