Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,475 vulnerabilities with CWE-94

CVE-2025-15202 LOW

CacheCloud < 3.2 - Cross-Site Scripting in Task Queue List

CVE-2025-15201 LOW

Sohu CacheCloud < 3.2 - Cross-Site Scripting in WebResourceController redirectNoPower Function

CVE-2025-15200 LOW

Sohu CacheCloud < 3.2 - Cross-Site Scripting in AppClientDataShowController

CVE-2025-13592 HIGH

WordPress Advanced Ads <= 2.0.14 - Editor Shortcode Code Execution

CVE-2025-68897 CRITICAL

IF AS Shortcode <1.2 - Code Injection

CVE-2025-15188 LOW

Campcodes Complete Online Beauty Parlor Management System 1.0 - Cross-Site Scripting via searchdata Parameter

CVE-2025-15175 LOW

Sohu CacheCloud < 3.2 - Cross-Site Scripting in AppController

CVE-2025-15174 LOW

Sohu CacheCloud < 3.2 - Cross-Site Scripting in doAppAuditList Function

CVE-2025-15173 LOW

SohuTV CacheCloud < 3.2 - Cross-Site Scripting in InstanceController advancedAnalysis

CVE-2025-15172 LOW

SohuTV CacheCloud < 3.2 - Cross-Site Scripting in RedisConfigTemplateController File Preview

CVE-2025-15171 LOW

Sohu CacheCloud < 3.2 - Cross-Site Scripting in ServerController Index Function

CVE-2025-15170 MEDIUM

Advaya Softech GEMS ERP Portal < 2.1 - Cross-Site Scripting via Error Message Handler

CVE-2025-15149 LOW

Rawchen ecms <b59d7feaa9094234e8aa6c8c6b290621ca575ded - XSS

CVE-2025-15148 MEDIUM

CmsEasy < 7.7.7.0 - Remote Code Execution via Backend Template Management Page

CVE-2025-15146 LOW

Sohu CacheCloud < 3.2 - Cross-Site Scripting in UserManageController doUserList

CVE-2025-15145 LOW

SohuTV CacheCloud < 3.2 - Cross-Site Scripting in TotalManageController

CVE-2025-15144 MEDIUM

xunruicms < 4.7.1 - Cross-Site Scripting via JSONP Callback Handler

CVE-2025-15134 LOW

yourmaileyes MOOC < 1.17 - Cross-Site Scripting via Submission Handler

CVE-2025-15130 MEDIUM

shanyu SyCms <a242ef2d194e8bb249dc175e7c49f2c1673ec921 - Code Injec...

CVE-2025-15129 MEDIUM

ChenJinchuang Lin-CMS-TP5 <0.3.3 - Code Injection

CVE-2025-54322 CRITICAL

Xspeeder SXZOS < 2025-12-26 - Unauthenticated Remote Code Execution via Base64-Encoded Python Code in chkid Parameter

CVE-2025-68952 CRITICAL

Eigent 0.0.60 - Remote Code Execution via 1-Click Interaction

CVE-2025-15095 LOW

postmanlabs httpbin <= 0.6.1 - Cross-Site Scripting in core.py

CVE-2025-15094 MEDIUM

FlyCMS < 2019-12-20 - Cross-Site Scripting via User Login Redirect URL

CVE-2025-15093 MEDIUM

sunkaifei FlyCMS < 2019-12-20 - Cross-Site Scripting via IndexAdminController redirectUrl Parameter

Previous Page 36 of 259 Next

Details

Vulnerabilities 6,475

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy