Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,474 vulnerabilities with CWE-94

CVE-2026-3028 MEDIUM

JEEWMS < 3.7 - Stored Cross-Site Scripting via Name Parameter in doAdd Function

CVE-2026-3027 MEDIUM

JEEWMS < 3.7 - Cross-Site Scripting via UEditor getContent.jsp myEditor Parameter

CVE-2026-2972 LOW

Smart-SSO < 2.1.1 - Stored Cross-Site Scripting in Role Edit Page

CVE-2026-2971 MEDIUM

Smart-SSO < 2.1.1 - Cross-Site Scripting via redirectUri Parameter

CVE-2026-2965 LOW

07FLYCMS 1.2.0-1.2.9 - Stored Cross-Site Scripting via SysModule Title Parameter

CVE-2026-2964 MEDIUM

higuma web-audio-recorder-js 0.1/0.1.1 - Prototype Pollution

CVE-2026-2947 LOW

rymcu forest <= 0.0.5 - Cross-Site Scripting in User Profile Handler

CVE-2026-2946 LOW

rymcu forest < 0.0.5 - Cross-Site Scripting in XssUtils.replaceHtmlCode

CVE-2026-2943 MEDIUM

SapneshNaik Student Management System - XSS

CVE-2026-2939 LOW

itsourcecode Student Management System 1.0 - XSS

CVE-2026-2934 LOW

YiFang CMS < 2.0.5 - Cross-Site Scripting via Name Parameter in Extended Management Module

CVE-2026-2933 LOW

YiFang CMS < 2.0.5 - Cross-Site Scripting via Name Parameter in Extended Management Module

CVE-2026-2932 LOW

YiFang CMS < 2.0.5 - Cross-Site Scripting via Extended Management Module

CVE-2026-2897 LOW

funadmin < 7.1.0 - Cross-Site Scripting via Backend Interface Value Argument

CVE-2026-27574 CRITICAL

OneUptime <=9.5.13 - Code Injection

CVE-2026-27464 HIGH

Metabase <0.57.13/0.58.x-0.58.6 - Info Disclosure

CVE-2026-26045 HIGH

Moodle 4.5.0-4.5.8 and 5.1.0-beta-5.1.1 - Authenticated Remote Code Execution via Backup Restore

CVE-2026-2825 LOW

rachelos WeRSS we-mp-rss <=1.4.8 - XSS

CVE-2026-26030 CRITICAL

Microsoft Semantic Kernel <1.39.4 - RCE

CVE-2026-25755 HIGH

jsPDF < 4.2.0 - Code Injection via addJS Method

CVE-2026-24764 LOW

OpenClaw <=2026.2.2 - Command Injection

CVE-2026-25548 CRITICAL

InvoicePlane 1.7.0 - RCE via LFI & Log Poisoning

CVE-2026-27174 CRITICAL

MajorDoMo - Unauthenticated Remote Code Execution via Admin Console Eval

CVE-2026-2296 HIGH

Product Addons for Woocommerce 3.1.0 - Code Injection

CVE-2026-2622 LOW

Blossom < 1.17.1 - Cross-Site Scripting in Article Title Handler

Previous Page 27 of 259 Next

Details

Vulnerabilities 6,474

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy