Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,184 vulnerabilities with CWE-94

CVE-2026-41137 CRITICAL

Flowise: Code Injection in CSVAgent leads to Authenticated RCE

CVE-2026-41246 HIGH

Contour: Lua code injection via Cookie Path Rewrite Policy

CVE-2026-39087 CRITICAL

Ntfy ntfy.sh <2.21 - RCE

CVE-2026-39440 CRITICAL

WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability

CVE-2026-3960 MEDIUM

Remote Code Execution in h2oai/h2o-3

CVE-2026-41229 CRITICAL

Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)

CVE-2026-41196 CRITICAL

Luanti has a mod security sandbox escape

CVE-2026-41134 HIGH

Kiota: Code Generation Literal Injection

CVE-2026-33608 HIGH

Incomplete domain name sanitization during

CVE-2026-40911 CRITICAL

WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

CVE-2026-6745 LOW

Bagisto Custom Scripts cross site scripting

CVE-2026-40602 MEDIUM

hass-cli: Handling of user-supplied Jinja2 templates

CVE-2026-6743 LOW

WebSystems WebTOTUM Calendar cross site scripting

CVE-2026-31018 HIGH

Dolibarr ERP & CRM <=22.0.4 - Code Injection

CVE-2026-32613 CRITICAL

Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling

CVE-2026-6652 MEDIUM

Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

CVE-2026-6651 LOW

erponline.xyz ERP Online Inventory Edit Item cross site scripting

CVE-2026-39918 CRITICAL

Vvveb < 1.0.8.1 Code Injection via Installation Endpoint

CVE-2026-5760 CRITICAL

SGLang < 0.59 - Remote Code Execution

CVE-2026-6648 LOW

Qibo CMS Internal Message cross site scripting

CVE-2026-6633 LOW

Yifang CMS Extended Management L_rbac_admin.php store cross site scripting

CVE-2026-6624 LOW

BichitroGan ISP Billing Software Pool List add cross site scripting

CVE-2026-6623 LOW

BichitroGan ISP Billing Software Profile users-view cross site scripting

CVE-2026-6622 LOW

BichitroGan ISP Billing Software Customer edit cross site scripting

CVE-2026-6621 HIGH

1024bit extend-deep index.js prototype pollution

Previous Page 3 of 248 Next

Details

Vulnerabilities 6,184

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy