Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,457 vulnerabilities with CWE-94

CVE-2026-46432 HIGH

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

CVE-2026-47292 HIGH

Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

CVE-2026-45583 HIGH

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2026-0414 MEDIUM

NETGEAR RBE97x - Arbitrary Code Execution Vulnerability Exists in RBE970

CVE-2026-8795 HIGH

Rapid7 Velociraptor < 0.76.6 - Improper Encoding or Escaping of Output

CVE-2026-11688 HIGH

Google Chrome - Arbitrary Code Execution

CVE-2026-52778 CRITICAL

YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS)

CVE-2026-11393 CRITICAL

Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import

CVE-2026-25856 HIGH

OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

CVE-2026-11534 LOW

imvks786 student_management_system add.php cross site scripting

CVE-2026-46442 CRITICAL

Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape

CVE-2026-11520 LOW

SourceCodester Inventory System header.php cross site scripting

CVE-2026-11518 MEDIUM

SourceCodester Inventory System User Management users.php cross site scripting

CVE-2026-11512 MEDIUM

itsourcecode Hospital Management System billing.php cross site scripting

CVE-2026-11491 LOW

CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting

CVE-2026-11468 LOW

SourceCodester Hospitals Patient Records Management System page room_types cross site scripting

CVE-2026-11436 MEDIUM

Mage AI Sign-in Flow index.tsx useMutation cross site scripting

CVE-2026-11434 LOW

FluentCMS Blocks Plugin blocks cross site scripting

CVE-2026-49493 HIGH

Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()

CVE-2026-11338 LOW

SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting

CVE-2026-11337 MEDIUM

tittuvarghese CollegeManagementSystem fetch.php cross site scripting

CVE-2026-11231 HIGH

Google Chrome - Arbitrary Code Execution

CVE-2026-11218 MEDIUM

Google Chrome - Arbitrary Code Execution

CVE-2026-11157 MEDIUM

Google Chrome - Improper Control of Generation of Code ('Code Injection')

CVE-2026-10928 HIGH

Google Chrome - Improper Control of Generation of Code ('Code Injection')

Previous Page 2 of 259 Next

Details

Vulnerabilities 6,457

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy