Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,458 vulnerabilities with CWE-94

CVE-2026-8094 CRITICAL

Mozilla Firefox and Thunderbird 140.10.2 - WebRTC Code Injection

CVE-2026-8021 MEDIUM

Google Chrome < 148.0.7778.96 - Script Injection in UI via Crafted HTML Page

CVE-2026-35255 MEDIUM

Oracle Cloud Native Environment Command Line Interface - Arbitrary Code Execution

CVE-2026-7841 HIGH

GeoVision ASManager 6.2.0 - Authenticated Remote Code Execution via ASWebCommon.srf Endpoint

CVE-2026-38431 CRITICAL

ERPNext <= 15.103.1 - Server-Side Template Injection

CVE-2026-42238 CRITICAL

Unauthenticated Remote Code Execution via Backup Restore in nginx-ui

CVE-2026-42234 HIGH

n8n: Python Task Runner Sandbox Escape

CVE-2026-42090 CRITICAL

Notesnook: RCE via stored XSS in note export rendering

CVE-2026-26332 CRITICAL

vm2: Sandbox Escape

CVE-2026-24781 CRITICAL

vm2: Sandbox Breakout Through Inspect

CVE-2026-24120 CRITICAL

vm2: Sandbox Breakout Through Promise Species

CVE-2026-24118 CRITICAL

VM2 Sandbox Breakout Through __lookupGetter__

CVE-2026-40563 HIGH

Apache Atlas: Script injection allows access to unintended data

CVE-2026-36365 HIGH

Lymphatus caesium-image-compressor - Code Injection

CVE-2026-3120 HIGH

RCE in Profelis Informatics' SambaBox

CVE-2026-7703 HIGH

AV Stumpfl Pixera Two Media Server Websocket API code injection

CVE-2026-7700 MEDIUM

langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

CVE-2026-7677 LOW

kerwincui FastBee System Notice SysNoticeController.java add cross site scripting

CVE-2026-7669 MEDIUM

sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer deserialization

CVE-2026-2052 HIGH

Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic

CVE-2026-7596 MEDIUM

nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

CVE-2026-7595 MEDIUM

nextlevelbuilder ui-ux-pro-max-skill Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection

CVE-2026-7580 MEDIUM

Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection

CVE-2026-42994 CRITICAL

Bitwarden CLI 2026.4.0 - Supply Chain Attack

CVE-2026-7508 MEDIUM

Bootstrap CMS Page Creation show.blade.php code injection

Previous Page 10 of 259 Next

Details

Vulnerabilities 6,458

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy