CWE-94
Improper Control of Generation of Code ('Code Injection')
Description
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-242 · CAPEC-35 · CAPEC-77
CVEs mapped to this weakness (4,701)
page 9 of 236

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30308 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 30, 2026 | In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if… |
| CVE-2026-30306 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 30, 2026 | In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges… |
| CVE-2026-30305 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 30, 2026 | Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept… |
| CVE-2026-2287 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 30, 2026 | CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation. |
| CVE-2026-32669 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 27, 2026 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, arbitrary code may be executed on the products. |
| CVE-2026-32525 | | Cri | 0.64 | 9.9 | 0.00 | | Mar 25, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection. This issue affects JetFormBuilder: from n/a through <= 3.5.6.1. |
| CVE-2026-27044 | | Cri | 0.64 | 9.9 | 0.00 | | Mar 25, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <= 4.12.0. |
| CVE-2026-25366 | | Cri | 0.64 | 9.9 | 0.00 | | Mar 25, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection. This issue affects Woody ad snippets: from n/a through <= 2.7.1. |
| CVE-2026-26830 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 25, 2026 | pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are… |
| CVE-2024-44722 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 20, 2026 | SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. |
| CVE-2026-30402 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 19, 2026 | An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function. |
| CVE-2025-69902 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 16, 2026 | A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters. |
| CVE-2026-21669 | | Cri | 0.64 | 9.9 | 0.01 | | Mar 12, 2026 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| CVE-2019-25468 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 11, 2026 | NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in… |
| CVE-2026-22390 | | Cri | 0.64 | 9.9 | 0.00 | | Mar 5, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection. This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1. |
| CVE-2025-67979 | | Cri | 0.64 | 9.9 | 0.00 | | Feb 20, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection. This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1. |
| CVE-2025-70830 | | Cri | 0.64 | 9.9 | 0.01 | | Feb 17, 2026 | A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field. |
| CVE-2020-37186 | | Cri | 0.64 | 9.8 | 0.01 | | Feb 11, 2026 | Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system… |
| CVE-2025-69872 | | Cri | 0.64 | 9.8 | 0.01 | | Feb 11, 2026 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache. |
| CVE-2020-37052 | | Cri | 0.64 | 9.8 | 0.01 | | Jan 30, 2026 | AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially… |