Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,458 vulnerabilities with CWE-94

CVE-2026-6543 HIGH

IBM Langflow Desktop Code Validation Endpoint - Authenticated RCE

CVE-2026-7501 LOW

LinkStackOrg LinkStack UserController.php editPage cross site scripting

CVE-2026-36340 HIGH

Krayin CRM 2.1.5 - Remote Code Execution

CVE-2026-7401 MEDIUM

SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting

CVE-2026-34965 HIGH

Cockpit CMS Authenticated Remote Code Execution via Collections

CVE-2026-7466 HIGH

AgentFlow Arbitrary Python Pipeline Execution via pipeline_path

CVE-2026-7390 LOW

SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting

CVE-2026-7388 MEDIUM

EyouCMS Template File FilemanagerLogic.php editFile code injection

CVE-2026-38992 CRITICAL

Cockpit < 2.14.0 - Remote Code Execution via Filter Parameter MongoLite $func Operator

CVE-2026-7297 LOW

SourceCodester Pizzafy Ecommerce System ajax.php save_user cross site scripting

CVE-2026-7296 LOW

SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

CVE-2026-7295 LOW

SourceCodester Pizzafy Ecommerce System ajax.php save_menu cross site scripting

CVE-2026-7294 LOW

SourceCodester Pizzafy Ecommerce System index.php save_settings cross site scripting

CVE-2026-27760 HIGH

OpenCATS PHP Code Injection via installer AJAX endpoint

CVE-2026-7281 LOW

SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting

CVE-2026-7269 LOW

SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting

CVE-2026-7230 MEDIUM

SourceCodester Safety Anger Pad cross site scripting

CVE-2026-40967 HIGH

Spring AI 1.0.0-1.0.5 - Code Injection

CVE-2026-7222 LOW

code-projects Coaching Management System Complaint Form complaint.php cross site scripting

CVE-2026-7200 MEDIUM

SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting

CVE-2026-7191 HIGH

Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

CVE-2026-7129 MEDIUM

SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting

CVE-2026-7116 MEDIUM

code-projects Employee Management System mark.php cross site scripting

CVE-2026-7110 LOW

code-projects Invoice System in Laravel item cross site scripting

CVE-2026-7095 MEDIUM

code-projects Employee Management System edit.php cross site scripting

Previous Page 11 of 259 Next

Details

Vulnerabilities 6,458

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy