Cwe 94

🧬 CWE Related 84

slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。

📌 Example

Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔗 Related links

MITRE CWE-94 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 86

ID	Title	Severity	Detected
CVE-2026-8195	Cross-Site Scripting (XSS) in CVE-2026-8195 (CVE-2026-8195)	Medium	2 hours ago
CVE-2026-42301	Vulnerability in CVE-2026-42301 (CVE-2026-42301)	High	19 hours ago
CVE-2026-42298	Code Injection in docker (CVE-2026-42298)	Critical	1 day ago
CVE-2026-41486	Code Injection in CVE-2026-41486 (CVE-2026-41486)		1 day ago
CVE-2026-44336	Vulnerability in praison (CVE-2026-44336)	Critical	1 day ago
CVE-2026-44334	Code Injection in praison (CVE-2026-44334)	High	1 day ago
CVE-2026-41512	Code Injection in gem (CVE-2026-41512)	Critical	1 day ago
CVE-2026-41507	Code Injection in remote (CVE-2026-41507)	Critical	1 day ago
CVE-2026-25077	Code Injection in apache (CVE-2026-25077)	Medium	1 day ago
CVE-2024-46507	Code Injection in yeti-platform (CVE-2024-46507)	High	1 day ago
CVE-2026-8136	Cross-Site Scripting (XSS) in CVE-2026-8136 (CVE-2026-8136)	Low	1 day ago
CVE-2026-43944	Vulnerability in electerm (CVE-2026-43944)	Critical	1 day ago
CVE-2026-41900	OS Command Injection in CVE-2026-41900 (CVE-2026-41900)	High	1 day ago
CVE-2026-41645	Code Injection in projectdiscovery (CVE-2026-41645)	Medium	1 day ago
CVE-2026-8117	Cross-Site Scripting (XSS) in CVE-2026-8117 (CVE-2026-8117)	Medium	1 day ago
CVE-2026-41692	Cross-Site Scripting (XSS) in CVE-2026-41692 (CVE-2026-41692)	Medium	2 days ago
CVE-2026-36458	Code Injection in sqli (CVE-2026-36458)	Critical	2 days ago
CVE-2025-63706	Code Injection in npm (CVE-2025-63706)	Critical	2 days ago
CVE-2026-8094	Code Injection in firefox (CVE-2026-8094)	Critical	2 days ago
CVE-2026-38431	Code Injection in frappe (CVE-2026-38431)	Critical	4 days ago
CVE-2026-24781	Code Injection in vm2-project (CVE-2026-24781)	Critical	5 days ago
CVE-2026-24120	Code Injection in vm2-project (CVE-2026-24120)	Critical	5 days ago
CVE-2026-24118	Code Injection in vm2-project (CVE-2026-24118)	Critical	5 days ago
CVE-2026-34197 KEV	[KEV] Vulnerability in Apache activemq (CVE-2026-34197)	High	3 weeks ago
CVE-2009-0238 KEV	[KEV] Code Injection in Microsoft office (CVE-2009-0238)	High	3 weeks ago
CVE-2026-1340 KEV	[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)	High	1 month ago
CVE-2026-33017 KEV	[KEV] Code Injection in langflow (CVE-2026-33017)	High	1 month ago
CVE-2025-54068 KEV	[KEV] Code Injection in Laravel livewire (CVE-2025-54068)	High	1 month ago
CVE-2025-32432 KEV	[KEV] Code Injection in Craft cms craft-cms (CVE-2025-32432)	High	1 month ago
CVE-2026-1281 KEV	[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)	High	3 months ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →