Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 657

ID Title
CVE-2026-58449 Code Injection in CVE-2026-58449 (CVE-2026-58449)
CVE-2026-7873 Code Injection in langflow (CVE-2026-7873)
CVE-2026-10109 Code Injection in ibm (CVE-2026-10109)
CVE-2026-10134 Code Injection in langflow (CVE-2026-10134)
CVE-2026-58138 Code Injection in CVE-2026-58138 (CVE-2026-58138)
CVE-2026-48192 Code Injection in CVE-2026-48192 (CVE-2026-48192)
CVE-2026-58116 Code Injection in hiyouga (CVE-2026-58116)
CVE-2026-37637 Code Injection in CVE-2026-37637 (CVE-2026-37637)
CVE-2026-13749 Code Injection in snowflake (CVE-2026-13749)
CVE-2026-13567 Cross-Site Scripting (XSS) in CVE-2026-13567 (CVE-2026-13567)
CVE-2026-13570 Cross-Site Scripting (XSS) in CVE-2026-13570 (CVE-2026-13570)
CVE-2026-13558 Cross-Site Scripting (XSS) in CVE-2026-13558 (CVE-2026-13558)
CVE-2026-13557 Cross-Site Scripting (XSS) in CVE-2026-13557 (CVE-2026-13557)
CVE-2026-13554 Cross-Site Scripting (XSS) in CVE-2026-13554 (CVE-2026-13554)
CVE-2026-13556 Cross-Site Scripting (XSS) in CVE-2026-13556 (CVE-2026-13556)
CVE-2026-13536 Cross-Site Scripting (XSS) in CVE-2026-13536 (CVE-2026-13536)
CVE-2026-13504 Cross-Site Scripting (XSS) in CVE-2026-13504 (CVE-2026-13504)
CVE-2026-13500 Vulnerability in CVE-2026-13500 (CVE-2026-13500)
CVE-2026-13499 Cross-Site Scripting (XSS) in CVE-2026-13499 (CVE-2026-13499)
CVE-2026-53576 Code Injection in kestra (CVE-2026-53576)
CVE-2026-57315 Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
CVE-2025-7958 Code Injection in CVE-2025-7958 (CVE-2025-7958)
CVE-2026-50741 Code Injection in revive-adserver (CVE-2026-50741)
CVE-2026-55413 Code Injection in CVE-2026-55413 (CVE-2026-55413)
CVE-2026-57456 Code Injection in vim (CVE-2026-57456)
CVE-2026-55895 OS Command Injection in vim (CVE-2026-55895)
CVE-2026-56049 Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
CVE-2026-54823 Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
CVE-2026-1606 Code Injection in gitlab (CVE-2026-1606)
CVE-2026-55570 Cross-Site Scripting (XSS) in CVE-2026-55570 (CVE-2026-55570)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →