Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 657

ID Title
CVE-2026-24937 Code Injection in CVE-2026-24937 (CVE-2026-24937)
CVE-2026-9485 Cross-Site Scripting (XSS) in CVE-2026-9485 (CVE-2026-9485)
CVE-2026-9471 Cross-Site Scripting (XSS) in CVE-2026-9471 (CVE-2026-9471)
CVE-2026-9448 Cross-Site Scripting (XSS) in CVE-2026-9448 (CVE-2026-9448)
CVE-2026-9416 Cross-Site Scripting (XSS) in c (CVE-2026-9416)
CVE-2026-9417 Cross-Site Scripting (XSS) in CVE-2026-9417 (CVE-2026-9417)
CVE-2026-9419 Cross-Site Scripting (XSS) in CVE-2026-9419 (CVE-2026-9419)
CVE-2026-9418 Cross-Site Scripting (XSS) in CVE-2026-9418 (CVE-2026-9418)
CVE-2026-9414 Cross-Site Scripting (XSS) in CVE-2026-9414 (CVE-2026-9414)
CVE-2026-9415 Cross-Site Scripting (XSS) in CVE-2026-9415 (CVE-2026-9415)
CVE-2026-9413 Cross-Site Scripting (XSS) in CVE-2026-9413 (CVE-2026-9413)
CVE-2026-9377 Cross-Site Scripting (XSS) in CVE-2026-9377 (CVE-2026-9377)
CVE-2026-9357 Cross-Site Scripting (XSS) in CVE-2026-9357 (CVE-2026-9357)
CVE-2018-25357 Code Injection in dolibarr/dolibarr (CVE-2018-25357)
CVE-2026-9302 Vulnerability in CVE-2026-9302 (CVE-2026-9302)
CVE-2026-46517 Code Injection in lmdeploy (CVE-2026-46517)
CVE-2026-46432 Code Injection in lmdeploy (CVE-2026-46432)
CVE-2026-42396 Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
CVE-2026-39311 Cross-Site Scripting (XSS) in CVE-2026-39311 (CVE-2026-39311)
CVE-2026-8467 Code Injection in phoenix_storybook (CVE-2026-8467)
CVE-2026-22314 Code Injection in CVE-2026-22314 (CVE-2026-22314)
CVE-2008-4250 KEV [KEV] Code Injection in Microsoft windows-2000 (CVE-2008-4250)
CVE-2026-30117 Code Injection in CVE-2026-30117 (CVE-2026-30117)
CVE-2026-2586 Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
CVE-2025-51427 Code Injection in modelscope (CVE-2025-51427)
CVE-2026-35086 Code Injection in apache (CVE-2026-35086)
CVE-2026-46586 Code Injection in apache (CVE-2026-46586)
CVE-2026-31379 Path Traversal in apache (CVE-2026-31379)
CVE-2026-33233 Code Injection in deserialization (CVE-2026-33233)
CVE-2026-8838 Code Injection in Amazon redshift-connector (CVE-2026-8838)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →