This page collects WhisperX intelligence signals tagged #CWE-94. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security vulnerability has been identified in the extensions subsystem (TypeScript Plugins) of the Agent Runtime. The system currently has zero prompt injection detection, no system prompt protection, and no output filtering mechanisms in place. This architectural oversight creates a systemic enabler for mul...
A critical security flaw has been identified in a codebase, exposing two distinct files to potential code injection attacks. The vulnerability, classified as CWE-94 and OWASP A03:2021 - Injection, carries a high severity rating with an 80% confidence level. The root cause is the unsafe use of Python's `eval()` function...
A critical security flaw has been identified in the `arubis/nodegoat-vulnerability-demo` repository, exposing the application to remote code execution. The vulnerability, classified as CWE-94 (Improper Control of Generation of Code), resides in the `app/routes/contributions.js` file. On line 32, the code directly passe...
A high-severity security vulnerability has been flagged in a critical Jinja2 template configuration. The automated scanner Bandit identified rule B701 (CWE-94) in the file `scripts/erd/erd.py` at line 174. The core issue is that the Jinja2 environment is configured with `autoescape=False` by default, creating a direct ...
A high-severity security flaw has been identified within the Apache Superset ecosystem, exposing a potential cross-site scripting (XSS) vulnerability. The automated security scanner Bandit flagged a critical misconfiguration in the `superset-extensions-cli` project, where Jinja2 templates are set with `autoescape=False...
A critical security flaw has been identified in the Apache Superset extensions command-line tool, exposing the platform to potential cross-site scripting (XSS) attacks. The vulnerability, flagged as HIGH severity by the Bandit security scanner, stems from the Jinja2 templating engine's default configuration of `autoesc...
A high-severity security vulnerability has been flagged within the Apache Superset ecosystem, exposing a potential cross-site scripting (XSS) attack vector. The automated security scanner Bandit identified the issue as rule B701 (CWE-94) in a test file for the `superset-extensions-cli`, where the Jinja2 templating engi...