CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,457 vulnerabilities with CWE-94
CVE-2026-10904 HIGH
Google Chrome - Arbitrary Code Execution
CVSS 8.8
CVE-2026-41249 HIGH
CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
CVSS 8.2
CVE-2026-10810 MEDIUM
itsourcecode Fees Management System navbar.php cross site scripting
CVSS 4.3
CVE-2026-10688 MEDIUM
ahujasid blender-mcp server.py execute_blender_code code injection
CVSS 5.5
CVE-2026-49143 HIGH
BrowserStack Runner 0.9.5 Unauthenticated RCE via /_log HTTP Handler
CVSS 8.8
CVE-2026-1829 HIGH
Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution
CVSS 8.8
CVE-2026-47117 CRITICAL
OpenMed < 1.5.2 Remote Code Execution via PII Model Loading
CVSS 9.8
CVE-2026-10567 LOW
1Panel-dev CordysCRM ModuleFormController ModuleFormService.java save cross site scripting
CVSS 3.5
CVE-2026-10529 LOW
westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scripting
CVSS 2.4
CVE-2026-10514 LOW
1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting
CVSS 2.4
CVE-2026-10301 MEDIUM
itsourcecode Fees Management System 1.0 - Cross-Site Scripting via index.php page Parameter
CVSS 4.3
CVE-2026-25879 CRITICAL
Langroid < 0.63.0 - SQL Injection via LLM Prompt Injection
CVSS 9.8
CVE-2026-10289 MEDIUM
Hotel and Tourism Reservation System 1.0 - Cross-Site Scripting via Tour.php Name/Email/People/Number Parameters
CVSS 4.3
CVE-2026-9311 CRITICAL
IBM WebSphere Application Server 8.5 and 9.0 - Remote Code Execution via Security Control Bypass
CVSS 9.0
CVE-2026-45132 CRITICAL
CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling
CVSS 10.0
CVE-2026-45131 CRITICAL
CloudPirates Helm Charts - GitHub Actions Secret Exfiltration
CVSS 10.0
CVE-2026-8931 CRITICAL
Disig Web Signer 2.0.3-2.5.3 - Remote Code Execution
CVE-2026-10247 LOW
SourceCodester Pharmacy Sales and Inventory System main create_generic_name cross site scripting
CVSS 3.5
CVE-2026-10246 LOW
SourceCodester Pharmacy Sales and Inventory System main create_medicine_presentation cross site scripting
CVSS 3.5
CVE-2026-10245 LOW
SourceCodester Pharmacy Sales and Inventory System main create_supplier cross site scripting
CVSS 3.5
CVE-2026-10244 LOW
SourceCodester Pharmacy Sales and Inventory System main create_medicine_name cross site scripting
CVSS 3.5
CVE-2026-45505 HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass
CVSS 8.8
CVE-2026-42588 HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
CVSS 8.1
CVE-2026-10234 LOW
Mettle sendportal Campaign webview cross site scripting
CVSS 3.5
CVE-2026-10228 LOW
raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting
CVSS 3.5
Details
Vulnerabilities: 6,457
Exploit Likelihood: Medium