Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,465 vulnerabilities with CWE-94

CVE-2026-3946 LOW

PHPEMS 11.0 - Cross-Site Scripting via askcontent Parameter

CVE-2026-20892 HIGH

MR-GM5L-S1 & MR-GM5A-L1 - Command Injection

CVE-2026-30960 CRITICAL

rssn < 0.2.9 - Arbitrary Code Execution via JIT Compilation Engine

CVE-2026-2273 HIGH

Engineering Workstation - Code Injection

CVE-2026-30887 CRITICAL

OneUptime <10.0.18 - Command Injection

CVE-2026-3819 LOW

SourceCodester Resort Reservation System 1.0 - XSS

CVE-2026-3812 MEDIUM

itsourcecode Payroll Management System 1.0 - XSS

CVE-2026-3766 LOW

SourceCodester Pharmacy System 1.0 - XSS

CVE-2026-3763 MEDIUM

Simple Flight Ticket Booking System 1.0 - XSS

CVE-2026-3743 LOW

YiFang CMS 2.0.5 - Cross-Site Scripting via Name Argument in Single Page Group Update

CVE-2026-3742 LOW

YiFang CMS 2.0.5 - Cross-Site Scripting via Title Argument in update Function

CVE-2026-3741 LOW

YiFang CMS 2.0.5 - Cross-Site Scripting via update Function in admin/D_friendLink.php

CVE-2026-3721 LOW

SmartAdmin < 3.29 - Stored Cross-Site Scripting in Help Documentation Module

CVE-2026-3720 LOW

1024-lab/lab1024 SmartAdmin <3.29 - XSS

CVE-2026-3716 LOW

Wavlink WL-WN579X3-C 231124 - Cross-Site Scripting via Hostname Parameter in adm.cgi

CVE-2026-3702 MEDIUM

SourceCodester Loan Management System 1.0 - XSS

CVE-2026-3352 HIGH

Easy PHP Settings Plugin <1.0.4 - Code Injection

CVE-2026-29075 HIGH

mesa < 3.5.0 - Remote Code Execution via benchmarks.yml Workflow

CVE-2026-2830 MEDIUM

WP All Import <= 4.0.0 - Unauthenticated Reflected XSS via Filepath Parameter

CVE-2026-29039 HIGH

changedetection.io <0.54.4 - Info Disclosure

CVE-2026-28801 MEDIUM

Natro Macro <1.1.0 - Code Injection

CVE-2026-25888 HIGH

Chartbrew < 4.8.1 - Remote Code Execution via Vulnerable API

CVE-2026-25887 HIGH

Chartbrew < 4.8.1 - Remote Code Execution via MongoDB Dataset Query

CVE-2026-3610 MEDIUM

HSC Cybersecurity Mailinspector <5.3.2-3 - XSS

CVE-2026-28134 HIGH

Crocoblock JetEngine <=3.7.2 - Code Injection

Previous Page 24 of 259 Next

Details

Vulnerabilities 6,465

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy