CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,475 vulnerabilities with CWE-94
CVE-2025-69262 HIGH
pnpm 6.25.0-10.26.2 - Remote Code Execution via .npmrc Environment Variable Substitution
CVSS 7.5
CVE-2025-55204 HIGH
muffon < 2.3.0 - Remote Code Execution via Crafted muffon:// URL Handler
CVSS 8.8
CVE-2025-15454 LOW
zhanglun lettura < 0.1.22 - Cross-Site Scripting in RSS Handler
CVSS 3.1
CVE-2025-15452 LOW
wang.market wangmarket < 4.9 - Stored Cross-Site Scripting via Backend Variable Search Description Parameter
CVSS 2.4
CVE-2025-15451 LOW
wangmarket < 4.9 - Cross-Site Scripting via System Variables Page Description Parameter
CVSS 2.4
CVE-2025-11837 CRITICAL
QNAP Malware Remover < 6.6.8.20251023 - Code Injection
CVSS 9.8
CVE-2025-15437 LOW
LigeroSmart < 6.1.24 - Cross-Site Scripting via REQUEST_URI Manipulation
CVSS 3.5
CVE-2025-15416 LOW
wangmarket < 6.4 - Stored Cross-Site Scripting via Remark/Variable Value in Add Global Variable Handler
CVSS 2.4
CVE-2025-68619 HIGH
Signal K Server <2.19.0 - Code Injection
CVSS 7.2
CVE-2025-15394 MEDIUM
idreamsoft iCMS < 8.0.0 - Remote Code Injection via Config Parameter
CVSS 4.7
CVE-2025-15393 MEDIUM
KodiCMS < 13.82.135 - Remote Code Injection via Layout API Endpoint
CVSS 6.3
CVE-2025-15374 LOW
EyouCMS < 1.7.8 - Cross-Site Scripting in Ask Module
CVSS 3.5
CVE-2025-15372 LOW
youlai/vue3-element-admin < 3.4.0 - Cross-Site Scripting in Notice Handler
CVSS 2.4
CVE-2025-15223 MEDIUM
Philipinho Simple-PHP-Blog < 2025-01-22 - Cross-Site Scripting via Username Parameter in login.php
CVSS 4.3
CVE-2025-66848 CRITICAL
JD Cloud NAS Routers - Unauthorized Remote Command Execution
CVSS 9.8
CVE-2025-15250 MEDIUM
08CMS Novel System <3.4 - Code Injection
CVSS 4.7
CVE-2025-15249 LOW
zhujunliang3 work_platform <6bc5a50bb527ce27f7906d11ea6ec139beb79c3...
CVSS 3.5
CVE-2025-15248 LOW
sunhailin12315 product-review <91ead6890b4065bb45b7602d0d73348e75cb...
CVSS 3.5
CVE-2025-14509 HIGH
Lucky Wheel for WooCommerce - Spin a Sale <1.1.13 - Code Injection
CVSS 7.2
CVE-2025-15221 LOW
SohuTV CacheCloud < 3.2 - Cross-Site Scripting in AppDataMigrateController
CVSS 3.5
CVE-2025-15220 MEDIUM
Sohu CacheCloud < 3.2 - Cross-Site Scripting in LoginController init Function
CVSS 4.3
CVE-2025-15219 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in MachineManageController
CVSS 3.5
CVE-2025-15214 LOW
Campcodes Park Ticketing System 1.0 - Cross-Site Scripting in save_pricing Function
CVSS 2.4
CVE-2025-15204 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in QuartzManageController
CVSS 2.4
CVE-2025-15203 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in ResourceController Index Function
CVSS 2.4