Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 657

ID Title
CVE-2026-44495 Code Injection in axios (CVE-2026-44495)
CVE-2026-45555 Code Injection in csharp (CVE-2026-45555)
CVE-2026-44698 Code Injection in CVE-2026-44698 (CVE-2026-44698)
CVE-2026-9938 Code Injection in google (CVE-2026-9938)
CVE-2026-9976 Code Injection in google (CVE-2026-9976)
CVE-2026-45261 Code Injection in CVE-2026-45261 (CVE-2026-45261)
CVE-2026-32999 Code Injection in CVE-2026-32999 (CVE-2026-32999)
CVE-2026-44888 Code Injection in CVE-2026-44888 (CVE-2026-44888)
CVE-2026-44887 Code Injection in CVE-2026-44887 (CVE-2026-44887)
CVE-2026-25879 SQL Injection in langroid (CVE-2026-25879)
CVE-2026-37713 Code Injection in CVE-2026-37713 (CVE-2026-37713)
CVE-2026-37712 Code Injection in CVE-2026-37712 (CVE-2026-37712)
CVE-2026-37711 Code Injection in CVE-2026-37711 (CVE-2026-37711)
CVE-2026-3012 A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
CVE-2026-6169 Code Injection in wordpress (CVE-2026-6169)
CVE-2026-8832 Code Injection in wordpress (CVE-2026-8832)
CVE-2026-5760 Code Injection in jvn (CVE-2026-5760)
CVE-2026-48962 Vulnerability in CVE-2026-48962 (CVE-2026-48962)
CVE-2026-9608 Cross-Site Scripting (XSS) in CVE-2026-9608 (CVE-2026-9608)
CVE-2026-9568 Vulnerability in CVE-2026-9568 (CVE-2026-9568)
CVE-2026-8855 Code Injection in dos (CVE-2026-8855)
CVE-2026-8633 Code Injection in ibm (CVE-2026-8633)
CVE-2026-9170 Code Injection in dos (CVE-2026-9170)
CVE-2026-9566 Cross-Site Scripting (XSS) in CVE-2026-9566 (CVE-2026-9566)
CVE-2026-9564 Cross-Site Scripting (XSS) in CVE-2026-9564 (CVE-2026-9564)
CVE-2026-42785 Code Injection in CVE-2026-42785 (CVE-2026-42785)
CVE-2026-9520 Cross-Site Scripting (XSS) in blitz (CVE-2026-9520)
CVE-2026-9527 Cross-Site Scripting (XSS) in c (CVE-2026-9527)
CVE-2026-9518 Cross-Site Scripting (XSS) in CVE-2026-9518 (CVE-2026-9518)
CVE-2026-9519 Cross-Site Scripting (XSS) in CVE-2026-9519 (CVE-2026-9519)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →