Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,474 vulnerabilities with CWE-94

CVE-2026-2557 LOW

cskefu < 8.0.1 - Cross-Site Scripting via MediaController Upload Function

CVE-2026-2547 LOW

ligerosmart < 6.1.26 - Cross-Site Scripting via Subaction Parameter in AgentDashboard

CVE-2026-2546 LOW

LigeroSmart < 6.1.26 - Cross-Site Scripting via SortBy Argument in /otrs/index.pl

CVE-2026-2545 LOW

LigeroSmart < 6.1.26 - Cross-Site Scripting via AgentTicketSearch Profile Parameter

CVE-2026-26056 HIGH

Yoke < 0.19.0 - Authenticated Arbitrary WASM Execution via Flight Annotation Override

CVE-2026-25227 CRITICAL

authentik <2025.8.6-2025.12.4 - RCE

CVE-2026-26216 CRITICAL

Crawl4AI < 0.8.0 - Unauthenticated Remote Code Execution via Docker API Hooks Parameter

CVE-2026-0969 HIGH

next-mdx-remote 4.3.0-5.9.9 - Remote Code Execution via MDX Content Deserialization

CVE-2026-1226 HIGH

EcoStruxure Building Operation Workstation < 7.0.2 - Remote Code Execution via TGML Graphics File

CVE-2026-1560 HIGH

WordPress Lazy Blocks <4.2.0 - Authenticated RCE

CVE-2026-21537 HIGH

Microsoft Defender for Endpoint for Linux 101.0.0-1.0.8.9 - Unauthenticated Remote Code Execution

CVE-2026-21256 HIGH

GitHub Copilot & VS - Command Injection

CVE-2026-25807 HIGH

taklaxbr/zai_shell < 9.0.3 - Unauthenticated Remote Code Execution via P2P Terminal Sharing

CVE-2026-2224 LOW

Online Reviewer System 1.0 - Cross-Site Scripting via Firstname Parameter

CVE-2026-2222 LOW

Online Reviewer System 1.0 - Cross-Site Scripting via Firstname Parameter

CVE-2026-2214 LOW

online_music_site - Cross-Site Scripting via txtalbum Parameter in AdminAddAlbum.php

CVE-2026-1615 CRITICAL

jsonpath < 1.3.0 - Arbitrary Code Injection via JSON Path Expression Evaluation

CVE-2026-2201 LOW

ZeroWdd studentmanager <2151560fc0a50ec00426785ec1e01a3763b380d9 - XSS

CVE-2026-2200 LOW

heyewei JFinalCMS 5.0.0 - Cross-Site Scripting via /admin/admin/save Endpoint

CVE-2026-2160 MEDIUM

Simple Responsive Tourism Website 1.0 - Cross-Site Scripting via Title Parameter in Master.php

CVE-2026-2159 MEDIUM

SourceCodester Simple Responsive Tourism Website 1.0 - Cross-Site Scripting via Registration Parameter Manipulation

CVE-2026-2156 LOW

Online Student Management System 1.0 - Cross-Site Scripting in Announcement Management Module

CVE-2026-2154 MEDIUM

Patients Waiting Area Queue Management System 1.0 - Stored XSS via Patient Registration First Name

CVE-2026-2150 MEDIUM

Patients Waiting Area Queue Management System 1.0 - Cross-Site Scripting via checkin.php patient_id Parameter

CVE-2026-2149 MEDIUM

Patients Waiting Area Queue Management System 1.0 - Cross-Site Scripting via patient_id Parameter

Previous Page 28 of 259 Next

Details

Vulnerabilities 6,474

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy