Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 657

ID Title
CVE-2026-12242 Code Injection in wordpress (CVE-2026-12242)
CVE-2026-55441 OS Command Injection in mise (CVE-2026-55441)
CVE-2026-44959 Code Injection in CVE-2026-44959 (CVE-2026-44959)
CVE-2026-34916 Code Injection in CVE-2026-34916 (CVE-2026-34916)
CVE-2026-12866 Code Injection in CVE-2026-12866 (CVE-2026-12866)
CVE-2025-67038 KEV An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
CVE-2026-10789 Code Injection in autodesk (CVE-2026-10789)
CVE-2026-33646 Code Injection in mise (CVE-2026-33646)
CVE-2026-9072 Code Injection in dos (CVE-2026-9072)
CVE-2026-8858 Code Injection in dos (CVE-2026-8858)
CVE-2026-50178 Cross-Site Scripting (XSS) in angular (CVE-2026-50178)
CVE-2026-49241 Cross-Site Scripting (XSS) in angular (CVE-2026-49241)
CVE-2026-56446 Code Injection in misp-project (CVE-2026-56446)
CVE-2026-10561 Code Injection in langflow (CVE-2026-10561)
CVE-2026-12822 Vulnerability in langflow (CVE-2026-12822)
CVE-2026-12811 Cross-Site Scripting (XSS) in CVE-2026-12811 (CVE-2026-12811)
CVE-2026-56382 Code Injection in CVE-2026-56382 (CVE-2026-56382)
CVE-2026-5366 Code Injection in prefect (CVE-2026-5366)
CVE-2024-58351 Code Injection in dos (CVE-2024-58351)
CVE-2022-50972 Code Injection in CVE-2022-50972 (CVE-2022-50972)
CVE-2026-54074 Code Injection in @tinacms/cli (CVE-2026-54074)
CVE-2026-55388 Code Injection in piscina (CVE-2026-55388)
CVE-2026-36418 Code Injection in CVE-2026-36418 (CVE-2026-36418)
CVE-2026-54816 Code Injection in CVE-2026-54816 (CVE-2026-54816)
CVE-2026-49113 Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
CVE-2026-40783 Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2026-25470 Code Injection in wordpress (CVE-2026-25470)
CVE-2026-46850 Code Injection in c (CVE-2026-46850)
CVE-2026-46851 Code Injection in c (CVE-2026-46851)
CVE-2026-47103 Vulnerability in python-statemachine (CVE-2026-47103)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →