VYPR

CWE-94

Improper Control of Generation of Code ('Code Injection')

Abstraction: Base · Status: Draft · Likelihood of exploit: Medium

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
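
The description above, worked as an added example (this is not MITRE's text and not code from any project listed on this page): a calculator that hands a user-supplied string to eval(), the pattern the MCP Calculate Server, llm, Cognee and ART entries below describe, beside a hardened version that parses the same string into an AST and interprets only an arithmetic subset of it. The two inputs, the function names and the operator whitelist are this example's own choices.

```python
import ast
import operator

# Arithmetic the safe evaluator will apply. Pow is left out on purpose: it is
# the cheapest way to make an "innocent" expression like 9**9**9 eat CPU.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
MAX_EXPR_LEN = 200  # bounds parser recursion and memory on hostile input

# Constructed inputs, not taken from any advisory: one benign expression and
# one that uses eval() to reach a builtin and call a function on the host.
BENIGN = "(2 + 3) * 4 - 10 / 5"
HOSTILE = "__import__('os').getpid()"


class UnsafeExpression(ValueError):
    """Raised when the input is not a plain arithmetic expression."""


def calc_unsafe(expr: str):
    """The CWE-94 pattern: the caller's text *is* the code segment."""
    return eval(expr)  # deliberately vulnerable


def calc_safe(expr: str):
    """Treat the input as data: parse it, then interpret a whitelisted subset.

    The string never reaches eval()/exec(). Names, attribute access, calls,
    subscripts, strings, comprehensions and anything else not handled in
    _eval_node are rejected before any evaluation happens.
    """
    if len(expr) > MAX_EXPR_LEN:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression(f"not an expression: {exc.msg}") from None
    return _eval_node(tree.body)


def _eval_node(node: ast.AST):
    # Numeric literals only; bool is an int subclass and is excluded explicitly.
    if (isinstance(node, ast.Constant)
            and isinstance(node.value, (int, float))
            and not isinstance(node.value, bool)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def is_rejected(expr: str) -> bool:
    """True when calc_safe refuses the input (used to demonstrate the filter)."""
    try:
        calc_safe(expr)
    except UnsafeExpression:
        return True
    return False


if __name__ == "__main__":
    print("eval()  :", calc_unsafe(BENIGN), "| hostile input ran code, pid =", calc_unsafe(HOSTILE))
    print("ast walk:", calc_safe(BENIGN), "| hostile input rejected:", is_rejected(HOSTILE))
```

The hardened path is a whitelist over the syntax tree, not a blocklist over the string: filtering substrings such as `__import__` or `os.` from the text before eval() is bypassable (`getattr`, string concatenation, `().__class__` chains), whereas an interpreter that only knows numbers and five operators has no code path to anything else. Division by zero still raises ZeroDivisionError; that is an arithmetic error, not an injection.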

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-242 · CAPEC-35 · CAPEC-77

CVEs mapped to this weakness (4,701)

page 7 of 236
  • CVE-2026-50872 · Critical · Jun 15, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request.

  • CVE-2026-50871 · Critical · Jun 15, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.

  • CVE-2026-54133 · Critical · Jun 12, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when…

  • CVE-2026-45558 · Critical · Jun 10, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option…

  • CVE-2017-20251 · Critical · Jun 9, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the…

  • CVE-2026-44888 · Critical · May 27, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's…

  • CVE-2026-44887 · Critical · May 27, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected…

  • CVE-2026-9170 · Critical · May 26, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    IBM HTTP Server 8.5 and 9.0 are vulnerable to denial of service and potential remote code execution due to improper input validation.

  • CVE-2026-8633 · Critical · May 26, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 are vulnerable to remote code execution in the Web Server Plug-ins through a specially crafted request.

  • CVE-2018-25357 · Critical · May 23, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the…

  • CVE-2018-25320 · Critical · May 17, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with…

  • CVE-2021-47952 · Critical · May 16, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval…

  • CVE-2026-44717 · Critical · May 15, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1.

  • CVE-2026-42898 · Critical · May 12, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

  • CVE-2026-31236 · Critical · May 12, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    The llm CLI tool through 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe…

  • CVE-2026-31231 · Critical · May 12, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Cognee through v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing,…

  • CVE-2025-65719 · Critical · May 12, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.

  • CVE-2026-31228 · Critical · May 12, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and…

  • CVE-2026-31220 · Critical · May 12, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution…

  • CVE-2026-41512 · Critical · May 8, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
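
The two Pi.Alert entries in the list above describe the second shape of this weakness: the product never calls eval() on a request, but it *generates* a source file from form values and a daemon later exec()s that file. Below is an added example of that pattern in generic form; it is not Pi.Alert's code, and the file layout, the form payload, the setting names and the numeric ranges are this example's own assumptions. The unsafe writer interpolates a raw value into an assignment, so a value containing a newline becomes a second statement. The hardened path validates each setting against a typed schema and stores the result as JSON, which is parsed and never executed; a third function shows how to keep a Python-syntax config file, if compatibility demands it, while still generating it only from validated typed values.

```python
import json

# Constructed sample input, not captured from any real product: what a settings
# form might POST. The newline ends the SMTP_PORT assignment; the rest is Python.
FORM_INPUT = {"SMTP_PORT": "25\nimport os; PWNED = os.getpid()"}

# Hypothetical schema: the only settings this example accepts, with their ranges.
INT_SETTINGS = {"SMTP_PORT": (1, 65535), "SCAN_INTERVAL": (1, 86400)}


def render_config_unsafe(values: dict) -> str:
    """CWE-94: raw form values are interpolated straight into Python source."""
    return "".join(f"{key} = {value}\n" for key, value in values.items())


def load_config_exec(source: str) -> dict:
    """The consumer side: the generated file is executed, not parsed."""
    namespace: dict = {}
    exec(source, namespace)  # deliberately unsafe: mirrors loading a .conf via exec()
    return {k: v for k, v in namespace.items() if not k.startswith("__")}


def validate(values: dict) -> dict:
    """Accept only known keys whose value is an in-range ASCII decimal integer."""
    clean = {}
    for key, raw in values.items():
        if key not in INT_SETTINGS:  # an attacker-chosen key could carry code too
            raise ValueError(f"unknown setting {key!r}")
        text = str(raw).strip()
        if not (text.isascii() and text.isdigit()):
            raise ValueError(f"{key}: not a decimal integer")
        number = int(text)
        low, high = INT_SETTINGS[key]
        if not low <= number <= high:
            raise ValueError(f"{key}: {number} outside {low}..{high}")
        clean[key] = number
    return clean


def render_config_safe(values: dict) -> str:
    """Store settings as data (JSON). Nothing written here is ever executed."""
    return json.dumps(validate(values), indent=2, sort_keys=True)


def load_config_safe(text: str) -> dict:
    return json.loads(text)


def render_config_typed_source(values: dict) -> str:
    """If a Python-syntax config file must be kept, emit it only from validated
    typed values: repr() of an int cannot contain a newline, quote or operator,
    so each emitted line is a single assignment by construction."""
    return "".join(f"{key} = {value!r}\n" for key, value in validate(values).items())


def form_is_rejected(values: dict) -> bool:
    """True when validate() refuses the submitted form."""
    try:
        validate(values)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    loaded = load_config_exec(render_config_unsafe(FORM_INPUT))
    print("unsafe path executed injected statement:", "PWNED" in loaded)
    print("safe path rejects the same form:", form_is_rejected(FORM_INPUT))
```

The check to carry away: whenever a program writes a file that another component will later import, exec() or source, every interpolated value is a code segment in the sense of the description above, and validation has to happen at the boundary where the value is still data. Restricting SMTP_PORT to digits is what closes the newline trick; validating the key against a fixed schema closes the same trick via the setting name.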