Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,463 vulnerabilities with CWE-94

CVE-2026-5836 LOW

code-projects Online Shoe Store admin_product.php cross site scripting

CVE-2026-5835 LOW

code-projects Online Shoe Store admin_football.php cross site scripting

CVE-2026-5834 LOW

code-projects Online Shoe Store admin_running.php cross site scripting

CVE-2026-5826 MEDIUM

code-projects Simple IT Discussion Forum edit-category.php cross site scripting

CVE-2026-5825 MEDIUM

code-projects Simple Laundry System delmemberinfo.php cross site scripting

CVE-2026-1516 MEDIUM

Improper Control of Generation of Code ('Code Injection') in GitLab

CVE-2026-5810 LOW

SourceCodester Sales and Inventory System GET Parameter delete.php cross site scripting

CVE-2026-5808 MEDIUM

openstatusHQ openstatus Onboarding Endpoint client.tsx cross site scripting

CVE-2026-5806 LOW

code-projects Easy Blog Site update.php cross site scripting

CVE-2026-39891 HIGH

PraisonAI <4.5.115 Agent Tool Definitions - Template Injection

CVE-2026-39881 MEDIUM

Vim Ex command injection in Vims NetBeans integration

CVE-2026-34724 HIGH

Zammad AI Agent - Server-Side Template Injection

CVE-2026-31040 CRITICAL

stata-mcp <1.13.0 - Command Injection

CVE-2026-25776 CRITICAL

Movable Type <=9.1.0 - Code Injection

CVE-2026-39846 CRITICAL

SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

CVE-2026-5739 HIGH

PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection

CVE-2026-39337 CRITICAL

ChurchCRM Affected by Unauthenticated RCE in Install Wizard

CVE-2026-30460 HIGH

FuelCMS 1.5.2 - Authenticated Remote Code Execution in Blocks Module

CVE-2026-34197 HIGH KEV

Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

CVE-2026-5705 MEDIUM

code-projects Online Hotel Booking Booking Endpoint booknow.php cross site scripting

CVE-2026-35197 MEDIUM

Code injection in dye template expressions

CVE-2026-35178 CRITICAL

Workbench Affected by Remote Code Execution (RCE) via Malicious Cookie in Timezone Conversion

CVE-2026-5671 MEDIUM

Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting

CVE-2026-35171 CRITICAL

Arbitrary Code Execution via Malicious Logging Configuration in Kedro

CVE-2026-5668 LOW

Cyber-III Student-Management-System add%20notice.php cross site scripting

Previous Page 16 of 259 Next

Details

Vulnerabilities 6,463

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy