Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 657

ID Title
CVE-2026-10810 Cross-Site Scripting (XSS) in CVE-2026-10810 (CVE-2026-10810)
CVE-2026-44016 Code Injection in docling (CVE-2026-44016)
CVE-2026-10688 Vulnerability in CVE-2026-10688 (CVE-2026-10688)
CVE-2026-49143 Code Injection in browserstack-runner (CVE-2026-49143)
CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
CVE-2026-47117 Code Injection in openmed (CVE-2026-47117)
CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2026-10567 Cross-Site Scripting (XSS) in CVE-2026-10567 (CVE-2026-10567)
CVE-2026-10529 Cross-Site Scripting (XSS) in CVE-2026-10529 (CVE-2026-10529)
CVE-2026-10301 Cross-Site Scripting (XSS) in CVE-2026-10301 (CVE-2026-10301)
CVE-2026-10514 Cross-Site Scripting (XSS) in CVE-2026-10514 (CVE-2026-10514)
CVE-2026-10289 Cross-Site Scripting (XSS) in CVE-2026-10289 (CVE-2026-10289)
CVE-2026-9311 Code Injection in ibm (CVE-2026-9311)
CVE-2026-45131 Code Injection in CVE-2026-45131 (CVE-2026-45131)
CVE-2026-45132 Code Injection in CVE-2026-45132 (CVE-2026-45132)
CVE-2026-8931 Code Injection in CVE-2026-8931 (CVE-2026-8931)
CVE-2026-10244 Cross-Site Scripting (XSS) in CVE-2026-10244 (CVE-2026-10244)
CVE-2026-10245 Cross-Site Scripting (XSS) in CVE-2026-10245 (CVE-2026-10245)
CVE-2026-10246 Cross-Site Scripting (XSS) in CVE-2026-10246 (CVE-2026-10246)
CVE-2026-10247 Cross-Site Scripting (XSS) in CVE-2026-10247 (CVE-2026-10247)
CVE-2026-42588 Vulnerability in activemq (CVE-2026-42588)
CVE-2026-45505 Vulnerability in activemq (CVE-2026-45505)
CVE-2026-10234 Cross-Site Scripting (XSS) in CVE-2026-10234 (CVE-2026-10234)
CVE-2026-10228 Cross-Site Scripting (XSS) in CVE-2026-10228 (CVE-2026-10228)
CVE-2024-21182 KEV Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
CVE-2026-10173 Cross-Site Scripting (XSS) in vue (CVE-2026-10173)
CVE-2026-10175 Vulnerability in aider-chat (CVE-2026-10175)
CVE-2026-10153 Cross-Site Scripting (XSS) in CVE-2026-10153 (CVE-2026-10153)
CVE-2026-10112 Cross-Site Scripting (XSS) in CVE-2026-10112 (CVE-2026-10112)
CVE-2026-44287 Code Injection in CVE-2026-44287 (CVE-2026-44287)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →