Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,184 vulnerabilities with CWE-94

CVE-2026-33744 HIGH

BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

CVE-2026-4899 LOW

code-projects Online Food Ordering System food.php cross site scripting

CVE-2026-4898 MEDIUM

code-projects Online Food Ordering System contact.php cross site scripting

CVE-2026-33622 HIGH

A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

CVE-2026-30457 CRITICAL

FuelCMS 1.5.2 - Code Injection

CVE-2026-4877 MEDIUM

itsourcecode Payroll Management System index.php cross site scripting

CVE-2026-4849 MEDIUM

code-projects Simple Laundry System Parameter modify.php cross site scripting

CVE-2026-4848 MEDIUM

dameng100 muucmf list.html cross site scripting

CVE-2026-4847 MEDIUM

dameng100 muucmf list.html cross site scripting

CVE-2026-4846 MEDIUM

dameng100 muucmf autoReply.html cross site scripting

CVE-2026-4845 MEDIUM

dameng100 muucmf index.html cross site scripting

CVE-2026-4835 LOW

code-projects Accounting System Web Application add_costumer.php cross site scripting

CVE-2026-33660 HIGH

n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

CVE-2026-32573 CRITICAL

WordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerability

CVE-2026-32525 CRITICAL

WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability

CVE-2026-27044 CRITICAL

WordPress Total Poll Lite plugin <= 4.12.0 - Remote Code Execution (RCE) vulnerability

CVE-2026-25447 CRITICAL

WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

CVE-2026-25366 CRITICAL

WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability

CVE-2026-25001 HIGH

WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability

CVE-2026-26833 CRITICAL

thumbler <=1.1.2 - Command Injection

CVE-2026-26831 CRITICAL

textract through 2.5.0 - Command Injection

CVE-2026-26830 CRITICAL

pdf-image through 2.0.0 - Command Injection

CVE-2026-33336 HIGH

Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation

CVE-2026-33334 CRITICAL

Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

CVE-2026-33310 HIGH

Intake has a Command Injection via shell() Expansion in Parameter Defaults

Previous Page 10 of 248 Next

Details

Vulnerabilities 6,184

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy