Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,475 vulnerabilities with CWE-94

CVE-2025-13773 CRITICAL

Print Invoice & Delivery Notes for WooCommerce <5.8.0 - RCE

CVE-2025-15052 LOW

Student Information System 1.0 - Stored Cross-Site Scripting via Profile Firstname/Lastname Parameter

CVE-2025-14928 HIGH

Hugging Face Transformers - Remote Code Execution via HuBERT convert_config Function

CVE-2025-14927 HIGH

Hugging Face Transformers - Remote Code Execution via SEW-D convert_config Function

CVE-2025-14926 HIGH

Hugging Face Transformers - Remote Code Execution via SEW convert_config Function

CVE-2025-65817 HIGH

LSC Smart Connect Indoor IP Camera <1.4.13 - RCE

CVE-2025-14991 LOW

Campcodes Complete Online Beauty Parlor Management System 1.0 - Cross-Site Scripting via fromdate Parameter

CVE-2025-14962 MEDIUM

Simple Stock System 1.0 - Cross-Site Scripting in /market/chatuser.php

CVE-2025-66580 CRITICAL

Dive < 0.11.1 - Stored Cross-Site Scripting and Remote Code Execution via Mermaid Diagram Rendering

CVE-2025-63665 CRITICAL

GT Edge AI Community Edition < 2.0.12 - Remote Code Execution via Prompt Window JSON Injection

CVE-2025-34433 CRITICAL

AVideo 14.3.1-20.1 - Unauthenticated Remote Code Execution via Predictable Installation Salt

CVE-2025-65037 CRITICAL

Azure Container Apps - Remote Code Execution

CVE-2025-64676 HIGH

Microsoft Purview - Path Traversal and Remote Code Execution via '.../...//'

CVE-2025-68278 HIGH

TinaCMS < 3.1.1 - Remote Code Execution via Gray-Matter Markdown Processing

CVE-2025-66078 CRITICAL

Hotel Booking Lite <= 5.2.3 - Code Injection

CVE-2025-60070 MEDIUM

The4 Molla <1.5.13 - Code Injection

CVE-2025-60068 MEDIUM

Javo Core <3.0.0.266 - Code Injection

CVE-2025-14856 MEDIUM

RuoYi < 4.8.1 - Remote Code Injection via /monitor/cache/getnames Fragment Parameter

CVE-2025-14837 MEDIUM

ZZCMS 2025 - Remote Code Injection in Backend Website Settings Module

CVE-2025-62521 CRITICAL

ChurchCRM < 5.21.0 - Unauthenticated Remote Code Execution via Setup Wizard PHP Injection

CVE-2025-67172 HIGH

RiteCMS v3.1.0 - Authenticated Remote Code Execution via parse_special_tags()

CVE-2025-67164 CRITICAL

Pagekit 1.0.18 - Authenticated Arbitrary File Upload and Remote Code Execution via /storage/poc.php

CVE-2025-14801 LOW

xiweicheng teamwork_management_system < 2.28.0 - Stored Cross-Site Scripting via Comment Content

CVE-2025-46295 CRITICAL

Claris FileMaker Server - Apache Commons Text Interpolation Code Execution

CVE-2025-37164 CRITICAL KEV

HPE OneView unauthenticated RCE

Previous Page 37 of 259 Next

Details

Vulnerabilities 6,475

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy