Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,474 vulnerabilities with CWE-94

CVE-2026-21656 CRITICAL

Johnson Controls Frick Controls Quantum HD <=10.22 - Code Injection

CVE-2026-3302 MEDIUM

SourceCodester Doctor Appointment System 1.0 - XSS

CVE-2026-26682 HIGH

fastcms < 0.1.6 - Remote Code Execution via PluginController.java

CVE-2026-27966 CRITICAL

Langflow < 1.8.0 - Remote Code Execution via CSV Agent Node

CVE-2026-27952 HIGH

Agenta-API <0.48.1 - Code Injection

CVE-2026-27830 HIGH

c3p0 <0.12.0 - Deserialization

CVE-2026-27577 CRITICAL

n8n <2.10.1/2.9.3/1.123.22 - Command Injection

CVE-2026-27498 HIGH

n8n <2.2.0/1.123.8 - Authenticated RCE

CVE-2026-27497 HIGH

n8n <2.10.1/2.9.3/1.123.22 - Code Injection

CVE-2026-27495 CRITICAL

n8n <2.10.1/2.9.3/1.123.22 - Code Injection

CVE-2026-27493 CRITICAL

n8n <2.10.1/2.9.3/1.123.22 - Code Injection

CVE-2026-27702 CRITICAL

Budibase < 3.30.4 - Authenticated Remote Code Execution via Unsafe Eval in View Filtering

CVE-2026-27701 HIGH

livecodes - JavaScript Injection via Pull Request Title in i18n-update-pull Workflow

CVE-2026-3171 LOW

Patients Waiting Area Queue 1.0 - XSS

CVE-2026-1929 HIGH

Advanced Woo Labels < 2.37 - Authenticated Remote Code Execution via get_select_option_values Callback Parameter

CVE-2026-3170 LOW

Patients Waiting Area Queue Management System 1.0 - XSS

CVE-2026-27745 HIGH

SPIP interface_traduction_objets <4.3.3 - Authenticated RCE

CVE-2026-27744 CRITICAL

SPIP tickets < 4.3.3 - Unauthenticated Remote Code Execution via Forum Preview Template Injection

CVE-2026-27597 CRITICAL

Enclave < 2.11.1 - Remote Code Execution via Sandbox Escape

CVE-2026-3070 MEDIUM

SourceCodester Modern Image Gallery App 1.0 - XSS

CVE-2026-3054 MEDIUM

Alinto SOGo 5.12.3/5.12.4 - Cross-Site Scripting via Hint Argument

CVE-2026-3050 LOW

horilla < 1.0.3 - Cross-Site Scripting via Leads Module Notes Parameter

CVE-2026-25797 MEDIUM

ImageMagick <7.1.2-15/6.9.13-40 - Code Injection

CVE-2026-3043 MEDIUM

itsourcecode Event Management System 1.0 - XSS

CVE-2026-3041 LOW

BaykeShop < 1.3.20 - Cross-Site Scripting via Article Sidebar Module

Previous Page 26 of 259 Next

Details

Vulnerabilities 6,474

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy