VYPR

CWE-94

Improper Control of Generation of Code ('Code Injection')

Abstraction: Base · Status: Draft · Likelihood: Medium

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-242 · CAPEC-35 · CAPEC-77

CVEs mapped to this weakness (4,701)

page 8 of 236
  • CVE-2025-67887 · Critical · May 8, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for…

  • CVE-2026-36458 · Critical · May 7, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.

  • CVE-2025-63706 · Critical · May 7, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    NPM package next-npm-version 1.0.1 is vulnerable to command injection.

  • CVE-2026-8094 · Critical · May 7, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

  • CVE-2026-38431 · Critical · May 5, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.

  • CVE-2026-42994 · Critical · May 1, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.

  • CVE-2026-38992 · Critical · Apr 29, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.

  • CVE-2026-39087 · Critical · Apr 23, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    ntfy before 2.22.0 allows SSRF because of an unanchored regular expression.

  • CVE-2026-39440 · Critical · Apr 23, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1.

  • CVE-2026-32613 · Critical · Apr 20, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SpEL (Spring Expression Language) to process information, specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike…

  • CVE-2026-30993 · Critical · Apr 15, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.

  • CVE-2026-39842 · Critical · Apr 15, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's…

  • CVE-2025-61260 · Critical · Apr 14, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.07

    A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex…

  • CVE-2026-31048 · Critical · Apr 13, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An issue in the pickle protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message.

  • CVE-2026-25776 · Critical · Apr 8, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

  • CVE-2024-36057 · Critical · Apr 7, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data…

  • CVE-2026-30643 · Critical · Apr 1, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload.

  • CVE-2024-40489 · Critical · Apr 1, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

  • CVE-2026-3300 · Critical · Mar 31, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.41

    The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code…

  • CVE-2026-30313 · Critical · Mar 30, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as…