Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

5,811 vulnerabilities with CWE-94

CVE-2026-3819 LOW

SourceCodester Resort Reservation System 1.0 - XSS

CVE-2026-3812 MEDIUM

itsourcecode Payroll Management System 1.0 - XSS

CVE-2026-3766 LOW

SourceCodester Pharmacy System 1.0 - XSS

CVE-2026-3763 MEDIUM

Simple Flight Ticket Booking System 1.0 - XSS

CVE-2026-3743 LOW

YiFang CMS 2.0.5 - XSS

CVE-2026-3742 LOW

YiFang CMS 2.0.5 - XSS

CVE-2026-3741 LOW

YiFang CMS 2.0.5 - XSS

CVE-2026-3721 LOW

1024-lab SmartAdmin <3.29 - XSS

CVE-2026-3720 LOW

1024-lab/lab1024 SmartAdmin <3.29 - XSS

CVE-2026-3716 LOW

Wavlink WL-WN579X3-C 231124 - XSS

CVE-2026-3702 MEDIUM

SourceCodester Loan Management System 1.0 - XSS

CVE-2026-3352 HIGH

Easy PHP Settings Plugin <1.0.4 - Code Injection

CVE-2026-29075 HIGH

Mesa <=3.5.0 - Code Injection

CVE-2026-2830 MEDIUM

WP All Import <=4.0.0 - XSS

changedetection.io <0.54.4 - Info Disclosure

CVE-2026-28801 MEDIUM

Natro Macro <1.1.0 - Code Injection

CVE-2026-25888 HIGH

Chartbrew <4.8.1 - RCE

CVE-2026-25887 HIGH

Chartbrew <4.8.1 - RCE

CVE-2026-3610 MEDIUM

HSC Cybersecurity Mailinspector <5.3.2-3 - XSS

CVE-2025-70995 HIGH

Aranda Service Desk 8.6 - Authenticated RCE

CVE-2026-28134 HIGH

Crocoblock JetEngine <=3.7.2 - Code Injection

CVE-2026-27984 CRITICAL

Widget Options <=4.1.3 - Code Injection

Builderall Builder for WordPress <=3.0.1 - Code Injection

CVE-2026-28783 CRITICAL

Craft CMS <5.9.0-beta.1/4.17.0-beta.1 - RCE

CVE-2026-23808 MEDIUM

Wireless Roaming Protocol - Auth Bypass

Page 1 of 233 Next

Details

Vulnerabilities 5,811

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy