VYPR

CWE-94

Improper Control of Generation of Code ('Code Injection')

BaseDraftLikelihood: Medium

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-242 · CAPEC-35 · CAPEC-77

CVEs mapped to this weakness (4,701)

page 26 of 236
  • CVE-2024-42845HigAug 23, 2024
    risk 0.58cvss 8.0epss 0.03

    An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.

  • CVE-2024-6726HigJul 29, 2024
    risk 0.58cvss 8.8epss 0.01

    Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE).

  • CVE-2024-4662HigMay 23, 2024
    risk 0.58cvss 8.8epss 0.01

    The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged…

  • CVE-2023-6846HigFeb 5, 2024
    risk 0.58cvss 8.8epss 0.16

    The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute…

  • CVE-2021-41749CriJun 12, 2022
    risk 0.58cvss 9.8epss 0.17

    In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

  • CVE-2021-22053HigNov 19, 2021
    risk 0.58cvss 8.8epss 0.13

    Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the…

  • CVE-2021-41269CriNov 15, 2021
    risk 0.58cvss 10.0epss 0.04

    cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to…

  • CVE-2021-29472HigApr 27, 2021
    risk 0.58cvss 8.8epss 0.05

    Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system.…

  • CVE-2014-5013HigJan 10, 2020
    risk 0.58cvss 8.8epss 0.05

    DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.

  • CVE-2019-14867HigNov 27, 2019
    risk 0.58cvss 8.8epss 0.06

    A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker…

  • CVE-2019-10760CriOct 15, 2019
    risk 0.58cvss 9.9epss 0.03

    safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.

  • CVE-2019-10431CriOct 1, 2019
    risk 0.58cvss 9.9epss 0.03

    A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.

  • CVE-2019-14271CriJul 29, 2019
    risk 0.58cvss 9.8epss 0.19

    In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

  • CVE-2017-16544HigNov 20, 2017
    risk 0.58cvss 8.8epss 0.06

    In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially…

  • CVE-2017-14353HigOct 5, 2017
    risk 0.58cvss 8.8epss 0.05

    A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.

  • CVE-2017-0899CriAug 31, 2017
    risk 0.58cvss 9.8epss 0.11

    RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

  • CVE-2017-7694HigApr 11, 2017
    risk 0.58cvss 8.8epss 0.04

    Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor…

  • CVE-2011-1265HigJul 13, 2011
    risk 0.58cvss 8.8epss 0.06

    The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth…

  • CVE-2026-30120CriJun 15, 2026
    risk 0.57cvss 9.8epss 0.01

    remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.

  • CVE-2026-45833HigJun 12, 2026
    risk 0.57cvss 8.8epss 0.00

    A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/default_tenant/databases…