Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 658

ID Title
CVE-2026-42090 Cross-Site Scripting (XSS) in streetwriters (CVE-2026-42090)
CVE-2026-26332 Code Injection in vm2-project (CVE-2026-26332)
CVE-2026-24118 Code Injection in vm2-project (CVE-2026-24118)
CVE-2026-24120 Code Injection in vm2-project (CVE-2026-24120)
CVE-2026-24781 Code Injection in vm2-project (CVE-2026-24781)
CVE-2026-3120 Code Injection in CVE-2026-3120 (CVE-2026-3120)
CVE-2026-6543 Code Injection in langflow (CVE-2026-6543)
CVE-2025-14576 Vulnerability in dos (CVE-2025-14576)
CVE-2026-6999 Cross-Site Scripting (XSS) in CVE-2026-6999 (CVE-2026-6999)
CVE-2026-6951 Code Injection in simple-git (CVE-2026-6951)
CVE-2026-41246 Code Injection in github.com/projectcontour/contour (CVE-2026-41246)
CVE-2026-40466 Vulnerability in org.apache.activemq:apache-activemq (CVE-2026-40466)
CVE-2026-41044 Vulnerability in org.apache.activemq:apache-activemq (CVE-2026-41044)
CVE-2026-39087 Vulnerability in heckel.io/ntfy/v2 (CVE-2026-39087)
CVE-2026-3960 Code Injection in h2o (CVE-2026-3960)
CVE-2026-41196 Code Injection in minetest (CVE-2026-41196)
CVE-2026-41134 Code Injection in deserialization (CVE-2026-41134)
CVE-2026-41179 OS Command Injection in github.com/rclone/rclone (CVE-2026-41179)
CVE-2026-31018 Code Injection in dolibarr (CVE-2026-31018)
CVE-2026-41242 Code Injection in protobufjs-project (CVE-2026-41242)
CVE-2026-34197 KEV [KEV] Vulnerability in Apache activemq (CVE-2026-34197)
CVE-2026-40316 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
CVE-2026-33414 OS Command Injection in podman-project (CVE-2026-33414)
CVE-2025-61260 Code Injection in CVE-2025-61260 (CVE-2025-61260)
CVE-2026-27674 Code Injection in sap (CVE-2026-27674)
CVE-2009-0238 KEV [KEV] Code Injection in Microsoft office (CVE-2009-0238)
CVE-2025-70364 Code Injection in CVE-2025-70364 (CVE-2025-70364)
CVE-2026-1340 KEV [KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)
CVE-2026-30460 Code Injection in thedaylightstudio (CVE-2026-30460)
CVE-2026-35093 Code Injection in freedesktop (CVE-2026-35093)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →