CWE-94— Improper Control of Generation of Code (Code Injection)
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.— MITRE CWE catalog
6,503 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-94page 119 of 131
- CVE-2026-21537HIGHCVSS 8.8EG 8.82026-02-10
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
- CVE-2026-2154MEDIUMCVSS 4.3EG 4.32026-02-08
A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation …
- CVE-2026-2156LOWCVSS 2.4EG 2.42026-02-08
A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This mani…
- CVE-2026-2159MEDIUMCVSS 4.3EG 4.32026-02-08
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument first…
- CVE-2026-2160MEDIUMCVSS 4.3EG 4.32026-02-08
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Tit…
- CVE-2026-21669CRITICALCVSS 9.9EG 9.92026-03-12
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
- CVE-2026-21671CRITICALCVSS 9.1EG 9.12026-03-12
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
- CVE-2026-21877CRITICALCVSS 9.9EG 9.92026-01-08
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted …
- CVE-2026-2200LOWCVSS 2.4EG 2.42026-02-09
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched …
- CVE-2026-2201LOWCVSS 2.4EG 2.42026-02-09
A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The m…
- CVE-2026-2214LOWCVSS 2.4EG 2.42026-02-09
A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initia…
- CVE-2026-22191MEDIUMCVSS 5.2EG 6.52026-03-13
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can injec…
- CVE-2026-2222LOWCVSS 2.4EG 2.42026-02-09
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argume…
- CVE-2026-2224LOWCVSS 3.5EG 3.52026-02-09
A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scrip…
- CVE-2026-22244HIGHCVSS 7.2EG 7.22026-01-08
OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to explo…
- CVE-2026-22314CRITICALCVSS 9.0EG 9.02026-05-20
Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Co…
- CVE-2026-22390CRITICALCVSS 9.9EG 9.92026-03-05
Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <=…
- CVE-2026-22584CRITICALCVSS 9.8EG 9.82026-01-09
Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.
- CVE-2026-22666HIGHCVSS 7.2EG 7.22026-04-07
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callab…
- CVE-2026-22686CRITICALCVSS 10.0EG 10.02026-01-14
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in …
- CVE-2026-22708CRITICALCVSS 9.8EG 9.82026-01-14
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without…
- CVE-2026-22709CRITICALCVSS 9.8EG 9.82026-01-26
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In …
- CVE-2026-2273HIGHCVSS 8.2EG 8.22026-03-10
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a poten…
- CVE-2026-22771HIGHCVSS 8.8EG 8.82026-01-12
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's cr…
- CVE-2026-22793CRITICALCVSS 9.6EG 9.62026-01-21
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts cod…
- CVE-2026-22807CRITICALCVSS 9.8EG 8.82026-01-21
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_co…
- CVE-2026-22869CRITICALCVSS 9.8EG 9.82026-01-13
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull…
- CVE-2026-2287CRITICALCVSS 9.8EG 9.82026-03-30
CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.
- CVE-2026-2296HIGHCVSS 7.2EG 7.22026-02-18
The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' fiel…
- CVE-2026-23498HIGHCVSS 7.2EG 7.22026-01-14
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixe…
- CVE-2026-23523CRITICALCVSS 9.6EG 9.62026-01-16
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and…
- CVE-2026-23733MEDIUMCVSS 6.4EG 9.62026-01-18
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the applicati…
- CVE-2026-23742HIGHCVSS 8.8EG 8.82026-01-16
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline…
- CVE-2026-23830CRITICALCVSS 10.0EG 10.02026-01-28
SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the glob…
- CVE-2026-23852CRITICALCVSS 9.6EG 9.62026-01-19
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the `icon` attribute of a block via the `/api…
- CVE-2026-23946MEDIUMCVSS 6.8EG 6.82026-01-22
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by def…
- CVE-2026-23947CRITICALCVSS 9.8EG 9.82026-01-20
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issu…
- CVE-2026-24118CRITICALCVSS 9.8EG 9.82026-05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host …
- CVE-2026-24120CRITICALCVSS 9.8EG 9.82026-05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands…
- CVE-2026-24132CRITICALCVSS 9.8EG 9.82026-01-23
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScri…
- CVE-2026-24149HIGHCVSS 7.8EG 7.82026-02-03
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of p…
- CVE-2026-24155HIGHCVSS 7.8EG 7.82026-06-16
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2026-24248HIGHCVSS 7.8EG 7.82026-07-01
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering,…
- CVE-2026-24249HIGHCVSS 7.8EG 7.82026-07-01
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, a…
- CVE-2026-24474MEDIUMCVSS 5.3EG 5.32026-01-24
Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be user supplied. Commit 41…
- CVE-2026-24747HIGHCVSS 8.8EG 8.82026-01-27
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.loa…
- CVE-2026-24780HIGHCVSS 8.8EG 8.82026-01-29
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints (both mai…
- CVE-2026-24781CRITICALCVSS 9.8EG 9.82026-05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute ar…
- CVE-2026-24806MEDIUMCVSS 5.3EG 5.32026-01-27
Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with prog…
- CVE-2026-24871CRITICALCVSS 10.0EG 10.02026-01-27
Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233 Minecraft-Rcon-Manage.This issue affects Minecraft-Rcon-Manage: before 3.0.
Map vulnerabilities like CWE-94 to your infrastructure
EchelonGraph correlates every CVE — across CWE-94 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →