CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
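The definition above is abstract, so here is a worked illustration of the two shapes of CWE-94 that dominate the list below: user input spliced into a code segment that the runtime evaluates, and a serialized object whose deserialization executes arbitrary callables. This is an added example, not code from any of the projects listed on this page; Python is used because several of the entries (DiskCache, Salt) are Python deserialization bugs. The calculator functions, the `_Exec` payload class and the `_RestrictedUnpickler` allow-list are hypothetical names, and `os.getpid` stands in for whatever an attacker would actually execute.

```python
"""CWE-94 in miniature (added example, not from any listed project).

Part 1: a calculator that evaluates a user-supplied expression.  The
vulnerable version makes the input part of the code segment that eval()
runs; the hardened version parses the input into an AST and only walks an
allow-list of arithmetic node types, so no call, attribute or name ever
reaches the interpreter.

Part 2: pickle deserialization.  A constructed payload runs a callable on
load; a restricted Unpickler refuses every global that is not on its
allow-list, which is what turns "deserialize" back into "parse data".
"""
import ast
import io
import operator
import os
import pickle


class UnsafeExpression(ValueError):
    """Raised when input is not a plain arithmetic expression."""


def calc_vulnerable(expr: str):
    # CWE-94: the caller's string becomes executable code.
    # "__import__('os').getpid()" is a valid input and is executed.
    return eval(expr)


# Allow-list of operators the hardened evaluator will apply.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def _eval_node(node):
    """Recursively evaluate only numeric constants and listed operators."""
    if (isinstance(node, ast.Constant)
            and isinstance(node.value, (int, float))
            and not isinstance(node.value, bool)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left, right = _eval_node(node.left), _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > 64:
            raise UnsafeExpression("exponent too large")  # cheap DoS guard
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    # Call, Attribute, Name, Subscript, str constants, ... all land here.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def calc_hardened(expr: str, max_len: int = 200):
    """Evaluate arithmetic without ever handing the string to eval()."""
    if len(expr) > max_len:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")  # parses, does not execute
    except SyntaxError as exc:
        raise UnsafeExpression(f"not an expression: {exc}") from None
    return _eval_node(tree.body)


def is_rejected(expr: str) -> bool:
    """True if the hardened evaluator refuses the expression."""
    try:
        calc_hardened(expr)
    except UnsafeExpression:
        return True
    return False


class _Exec:
    """Constructed payload: unpickling calls os.getpid() (a harmless
    stand-in for an attacker's command).  __reduce__ is the mechanism
    behind every pickle-based RCE."""
    def __reduce__(self):
        return (os.getpid, ())


PAYLOAD = pickle.dumps(_Exec())  # constructed sample input


class _RestrictedUnpickler(pickle.Unpickler):
    # Only these (module, name) globals may be resolved during load.
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def loads_restricted(data: bytes):
    """pickle.loads replacement that cannot resolve arbitrary callables."""
    return _RestrictedUnpickler(io.BytesIO(data)).load()


def pickle_payload_is_rejected() -> bool:
    try:
        loads_restricted(PAYLOAD)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print(calc_hardened("2 + 3 * 4"))
    print(is_rejected("__import__('os').getpid()"))
    print(pickle_payload_is_rejected())
```

The point of the hardened evaluator is that the input is never part of a code segment at all: `ast.parse` turns it into data, and the walker applies an allow-list rather than trying to blacklist dangerous substrings. The same logic applies to the pickle half, with the caveat that a restricted unpickler is a mitigation for data you cannot stop accepting as pickle; the stronger fix, where the format is yours to choose, is a data-only serialization (JSON, or `yaml.safe_load` for YAML) so that no deserializer ever resolves a callable.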

6,475 vulnerabilities with CWE-94
CVE-2025-33042 HIGH
Apache Avro Java SDK <1.12.1-1.11.5 - Code Injection
CVSS 7.3
CVE-2025-63421 HIGH
filosoft Comerc.32 Commercial Invoicing <16.0.0.3 - RCE
CVSS 7.8
CVE-2025-69872 CRITICAL
DiskCache <= 5.6.3 - Remote Code Execution via Pickle Deserialization
CVSS 9.8
CVE-2025-14541 HIGH
Lucky Wheel Giveaway <= 1.0.22 - Authenticated Remote Code Execution via Conditional Tags Parameter
CVSS 7.2
CVE-2025-70073 HIGH
ChestnutCMS < 1.5.8 - Remote Code Execution via Template Creation Function
CVSS 7.2
CVE-2025-61732 HIGH
Go < 1.24.13 - Code Injection
CVSS 8.6
CVE-2025-69983 CRITICAL
FUXA v1.2.7 - Remote Code Execution via Project Import
CVSS 9.8
CVE-2025-24293 CRITICAL
Rubygems Activestorage < 8.0.2.1 - Command Injection
CVE-2025-62348 HIGH
Salt < 3006.17, 3006.0-3006.16, 3007.0-3007.8 - Remote Code Execution via Unsafe YAML Decode in junos Execution Module
CVSS 7.8
CVE-2025-69517 HIGH
Tactical RMM <= 1.3.1 - Authenticated HTML Injection via Agent Creation Endpoint
CVSS 8.8
CVE-2025-57283 HIGH
browserstack-local 1.5.8 - OS Command Injection via Logfile Variable
CVSS 7.8
CVE-2025-69564 CRITICAL
Mobile Shop Management System 1.0 - SQL Injection via User Registration Parameters
CVSS 9.8
CVE-2025-67847 HIGH
Moodle 4.1.0-4.1.21 and 5.1.0-beta - Authenticated Remote Code Execution via Restore Interface
CVSS 8.8
CVE-2025-69319 HIGH
Beaver Builder <2.9.4.1 - Code Injection
CVSS 7.5
CVE-2025-69001 MEDIUM
Shahjahan Jewel FluentForm <= 6.1.11 - Code Injection
CVSS 5.3
CVE-2025-68015 CRITICAL
Vollstart Event Tickets <2.8.4 - Code Injection
CVSS 9.0
CVE-2025-67944 CRITICAL
Nelio AB Testing <8.1.8 - Code Injection
CVSS 9.1
CVE-2025-55423 CRITICAL
ipTIME Router Firmware - OS Command Injection via UPnP Relay controlURL Parameter
CVSS 9.8
CVE-2025-33233 HIGH
NVIDIA Merlin Transformers4Rec - Code Injection
CVSS 7.8
CVE-2025-64691 HIGH
AVEVA Process Optimization < 2025 - Authenticated Privilege Escalation via TCL Macro Script Tampering
CVSS 8.8
CVE-2025-61937 CRITICAL
AVEVA Process Optimization < 2025 - Unauthenticated Remote Code Execution via taoimr Service
CVSS 10.0
CVE-2025-41717 HIGH
Phoenix Contact TC ROUTER and CLOUD CLIENT - Unauthenticated Remote Code Execution via Config Upload
CVSS 8.8
CVE-2025-15505 LOW
Luxul XWR-600 <= 4.0.1 - Cross-Site Scripting via Guest Network/Wireless Profile SSID
CVSS 2.4
CVE-2025-66916 CRITICAL
dromara ruoyi-vue-plus < 5.5.1 - Arbitrary File Read and Write via QLExpress Expression Injection
CVSS 9.4
CVE-2025-66913 CRITICAL
JimuReport < 2.1.3 - Remote Code Execution via H2 JDBC URL Processing
CVSS 9.8