Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 660

ID Title
CVE-2026-44291 Vulnerability in protobufjs (CVE-2026-44291)
CVE-2026-40129 Code Injection in CVE-2026-40129 (CVE-2026-40129)
CVE-2026-37630 Code Injection in CVE-2026-37630 (CVE-2026-37630)
CVE-2026-43874 Code Injection in wwbn/avideo (CVE-2026-43874)
CVE-2026-43898 Code Injection in @nyariv/sandboxjs (CVE-2026-43898)
CVE-2026-41159 Code Injection in mermaid (CVE-2026-41159)
CVE-2026-41149 Code Injection in mermaid (CVE-2026-41149)
CVE-2026-41148 Code Injection in mermaid (CVE-2026-41148)
CVE-2026-31252 Code Injection in deserialization (CVE-2026-31252)
CVE-2026-31251 Vulnerability in deserialization (CVE-2026-31251)
CVE-2026-31253 Code Injection in flash_attn (CVE-2026-31253)
CVE-2026-42603 Code Injection in CVE-2026-42603 (CVE-2026-42603)
CVE-2026-42607 Code Injection in getgrav/grav (CVE-2026-42607)
CVE-2026-40217 Vulnerability in litellm (CVE-2026-40217)
CVE-2026-44346 OS Command Injection in bentoml (CVE-2026-44346)
CVE-2026-8262 Cross-Site Scripting (XSS) in CVE-2026-8262 (CVE-2026-8262)
CVE-2026-8256 Cross-Site Scripting (XSS) in CVE-2026-8256 (CVE-2026-8256)
CVE-2026-8253 Cross-Site Scripting (XSS) in CVE-2026-8253 (CVE-2026-8253)
CVE-2026-8254 Cross-Site Scripting (XSS) in CVE-2026-8254 (CVE-2026-8254)
CVE-2026-8255 Cross-Site Scripting (XSS) in CVE-2026-8255 (CVE-2026-8255)
CVE-2022-50944 Code Injection in CVE-2022-50944 (CVE-2022-50944)
CVE-2021-47938 Code Injection in CVE-2021-47938 (CVE-2021-47938)
CVE-2021-47939 Code Injection in CVE-2021-47939 (CVE-2021-47939)
CVE-2021-47935 Code Injection in sentry (CVE-2021-47935)
CVE-2026-8219 Cross-Site Scripting (XSS) in CVE-2026-8219 (CVE-2026-8219)
CVE-2026-8218 Cross-Site Scripting (XSS) in CVE-2026-8218 (CVE-2026-8218)
CVE-2026-8221 Cross-Site Scripting (XSS) in CVE-2026-8221 (CVE-2026-8221)
CVE-2026-8220 Cross-Site Scripting (XSS) in CVE-2026-8220 (CVE-2026-8220)
CVE-2026-8211 Vulnerability in CVE-2026-8211 (CVE-2026-8211)
CVE-2026-8195 Cross-Site Scripting (XSS) in CVE-2026-8195 (CVE-2026-8195)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →