Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 658

ID Title
CVE-2026-41486 Code Injection in ray (CVE-2026-41486)
CVE-2026-44728 Vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728)
CVE-2026-29202 Code Injection in CVE-2026-29202 (CVE-2026-29202)
CVE-2026-44670 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670)
CVE-2026-44334 Code Injection in praisonai (CVE-2026-44334)
CVE-2026-44336 Vulnerability in praison (CVE-2026-44336)
CVE-2026-41507 Code Injection in remote (CVE-2026-41507)
CVE-2026-41512 Code Injection in gem (CVE-2026-41512)
CVE-2026-25077 Code Injection in apache (CVE-2026-25077)
CVE-2025-67887 Code Injection in CVE-2025-67887 (CVE-2025-67887)
CVE-2024-46507 Code Injection in yeti-platform (CVE-2024-46507)
CVE-2026-8136 Cross-Site Scripting (XSS) in CVE-2026-8136 (CVE-2026-8136)
CVE-2026-43944 Vulnerability in electerm (CVE-2026-43944)
CVE-2026-42203 Vulnerability in litellm (CVE-2026-42203)
CVE-2026-41645 Code Injection in github.com/projectdiscovery/nuclei/v3 (CVE-2026-41645)
CVE-2026-41900 OS Command Injection in openlearnx (CVE-2026-41900)
CVE-2026-8117 Cross-Site Scripting (XSS) in CVE-2026-8117 (CVE-2026-8117)
CVE-2026-41692 Cross-Site Scripting (XSS) in i18nextify (CVE-2026-41692)
CVE-2026-42879 Unrestricted File Upload in facturascripts/facturascripts (CVE-2026-42879)
CVE-2026-42214 Code Injection in dail8859 (CVE-2026-42214)
CVE-2026-36458 Code Injection in sqli (CVE-2026-36458)
CVE-2025-63706 Code Injection in npm (CVE-2025-63706)
CVE-2026-8094 Code Injection in firefox (CVE-2026-8094)
CVE-2025-1978 Code Injection in hitachi (CVE-2025-1978)
CVE-2026-41139 Vulnerability in mathjs (CVE-2026-41139)
CVE-2026-44513 Code Injection in diffusers (CVE-2026-44513)
CVE-2026-44827 Code Injection in diffusers (CVE-2026-44827)
CVE-2026-44244 Code Injection in GitPython (CVE-2026-44244)
CVE-2026-7841 Code Injection in CVE-2026-7841 (CVE-2026-7841)
CVE-2026-38431 Code Injection in frappe (CVE-2026-38431)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →