Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,474 vulnerabilities with CWE-94

CVE-2025-67031 MEDIUM

ORSEE 3.1.0 - Authenticated Remote Code Execution via Participant Profile Field Processing

CVE-2025-15024 HIGH

RCE in Yordam Informatics' Library Automation System

CVE-2025-69443 MEDIUM

coleam00 Archon 0.1.0 - Remote Code Execution

CVE-2025-12669 MEDIUM

Improper Control of Generation of Code ('Code Injection') in GitLab

CVE-2025-15463 MEDIUM

Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution

CVE-2025-65719 CRITICAL

Kubectl MCP Server 1.1.1 - Remote Code Execution

CVE-2025-67887 CRITICAL

1C-Bitrix through 25.100.500 - Remote Code Execution

CVE-2025-63706 CRITICAL

next-npm-version 1.0.1 - Command Injection

CVE-2025-1978 HIGH

Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console

CVE-2025-14576 HIGH

Possible QML code injection in VectorImage component

CVE-2025-54550 HIGH

Apache Airflow: RCE by race condition in example_xcom dag

CVE-2025-61260 CRITICAL

OpenAI Codex CLI <0.23.0 - Code Execution

CVE-2025-51414 HIGH

Phpgurukul Online Course Registration 3.1 - Arbitrary File Upload

CVE-2025-15632 LOW

1Panel-dev MaxKB MdPreview chat.ts cross site scripting

CVE-2025-70364 HIGH

Kiamo < 8.4 - Authenticated PHP Code Execution

CVE-2025-71058 CRITICAL

Dual DHCP DNS Server 8.01 - DNS Cache Poisoning

CVE-2025-70844 MEDIUM

yaffa 2.0.0 - Stored Cross-Site Scripting via Add Account Group Function

CVE-2025-71281 HIGH

XenForo Template Method Call Restriction Bypass

CVE-2025-15616 MEDIUM

Wazuh Agent and Manager OS Command Injection and Untrusted Search Path

CVE-2025-10679 HIGH

ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code Execution

CVE-2025-67113 CRITICAL

Small Cell Sercomm SCE4255W <DG3934v3@2308041842 - Command Injection

CVE-2025-69902 CRITICAL

kubectl-mcp-server 1.2.0 - Command Injection

CVE-2025-50881 HIGH

Use It Flow <10.0.0 moniteur.php - PHP Code Execution

CVE-2025-15540 HIGH

Authenticated RCE in Raytha CMS

CVE-2025-14287 HIGH

mlflow/mlflow <3.7.0 - Command Injection

Previous Page 32 of 259 Next

Details

Vulnerabilities 6,474

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy