VYPR

CWE-94

Improper Control of Generation of Code ('Code Injection')

Base · Draft · Likelihood: Medium

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-242 · CAPEC-35 · CAPEC-77

CVEs mapped to this weakness (4,701)

page 9 of 236
  • CVE-2026-30308 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if…

  • CVE-2026-30306 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges…

  • CVE-2026-30305 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept…

  • CVE-2026-2287 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.

  • CVE-2026-32669 · Critical · Mar 27, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.

  • CVE-2026-32525 · Critical · Mar 25, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection. This issue affects JetFormBuilder: from n/a through <= 3.5.6.1.

  • CVE-2026-27044 · Critical · Mar 25, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <= 4.12.0.

  • CVE-2026-25366 · Critical · Mar 25, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection. This issue affects Woody ad snippets: from n/a through <= 2.7.1.

  • CVE-2026-26830 · Critical · Mar 25, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are…

  • CVE-2024-44722 · Critical · Mar 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.

  • CVE-2026-30402 · Critical · Mar 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function.

  • CVE-2025-69902 · Critical · Mar 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.

  • CVE-2026-21669 · Critical · Mar 12, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

  • CVE-2019-25468 · Critical · Mar 11, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in…

  • CVE-2026-22390 · Critical · Mar 5, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection. This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.

  • CVE-2025-67979 · Critical · Feb 20, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection. This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1.

  • CVE-2025-70830 · Critical · Feb 17, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.

  • CVE-2020-37186 · Critical · Feb 11, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system…

  • CVE-2025-69872 · Critical · Feb 11, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

  • CVE-2020-37052 · Critical · Jan 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially…