Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 660

ID Title
CVE-2026-30460 Code Injection in thedaylightstudio (CVE-2026-30460)
CVE-2026-35093 Code Injection in freedesktop (CVE-2026-35093)
CVE-2026-4800 Code Injection in lodash (CVE-2026-4800)
CVE-2026-34060 Code Injection in shopify (CVE-2026-34060)
CVE-2026-33940 Code Injection in handlebarsjs (CVE-2026-33940)
CVE-2026-33941 Cross-Site Scripting (XSS) in handlebarsjs (CVE-2026-33941)
CVE-2026-33943 Code Injection in capricorn86 (CVE-2026-33943)
CVE-2026-33937 Code Injection in handlebarsjs (CVE-2026-33937)
CVE-2026-33938 Code Injection in handlebarsjs (CVE-2026-33938)
CVE-2026-27876 Code Injection in grafana (CVE-2026-27876)
CVE-2026-30457 Code Injection in thedaylightstudio (CVE-2026-30457)
CVE-2026-33017 KEV [KEV] Vulnerability in langflow (CVE-2026-33017)
CVE-2025-32432 KEV [KEV] Code Injection in Craft cms craft-cms (CVE-2025-32432)
CVE-2025-54068 KEV [KEV] Code Injection in Laravel livewire (CVE-2025-54068)
CVE-2026-31898 Vulnerability in parall (CVE-2026-31898)
CVE-2025-50881 Code Injection in CVE-2025-50881 (CVE-2025-50881)
CVE-2026-4276 Code Injection in librechat (CVE-2026-4276)
CVE-2026-3476 Code Injection in 3ds (CVE-2026-3476)
CVE-2025-14287 Code Injection in lfprojects (CVE-2025-14287)
CVE-2026-32640 Code Injection in simpleeval (CVE-2026-32640)
CVE-2026-32304 Code Injection in locutus (CVE-2026-32304)
CVE-2026-21669 Code Injection in veeam (CVE-2026-21669)
CVE-2026-21671 Code Injection in veeam (CVE-2026-21671)
CVE-2025-67035 Code Injection in lantronix (CVE-2025-67035)
CVE-2025-67036 Code Injection in lantronix (CVE-2025-67036)
CVE-2025-67037 Code Injection in lantronix (CVE-2025-67037)
CVE-2025-67034 Code Injection in lantronix (CVE-2025-67034)
CVE-2026-2273 Code Injection in schneider-electric (CVE-2026-2273)
CVE-2026-29091 Vulnerability in locutus (CVE-2026-29091)
CVE-2026-27830 Code Injection in deserialization (CVE-2026-27830)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →