Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,477 vulnerabilities with CWE-94

CVE-2025-46295 CRITICAL

Claris FileMaker Server - Apache Commons Text Interpolation Code Execution

CVE-2025-37164 CRITICAL KEV

HPE OneView unauthenticated RCE

CVE-2025-67748 HIGH

fickling < 0.1.6 - Unsafe Pickle Misclassification via pty Module Import Bypass

CVE-2025-67744 CRITICAL

deepchat < 0.5.3 - Remote Code Execution via Mermaid Diagram Rendering

CVE-2025-14730 MEDIUM

CTCMS < 2.1.2 - Remote Code Injection via Cj_Add/Cj_Edit Argument

CVE-2025-14729 MEDIUM

CTCMS < 2.1.2 - Remote Code Execution via CT_App_Paytype Argument

CVE-2025-14722 LOW

vion707 DMadmin <3403cafdb42537a648c30bf8cbc8148ec60437d1 - XSS

CVE-2025-66438 HIGH

ERPNext < 15.89.0 - Authenticated Server-Side Template Injection via Print Format HTML Field

CVE-2025-66437 HIGH

Frappe ERPNext <= 15.89.0 - Authenticated Server-Side Template Injection via Address Template

CVE-2025-66436 MEDIUM

Frappe ERPNext < 15.89.0 - Authenticated Server-Side Template Injection via get_terms_and_conditions

CVE-2025-66435 MEDIUM

Frappe ERPNext < 15.89.0 - Authenticated Server-Side Template Injection via Contract Template

CVE-2025-66434 HIGH

Frappe ERPNext < 15.89.0 - Authenticated Server-Side Template Injection via get_dunning_letter_text

CVE-2025-14691 MEDIUM

Mayan EDMS < 4.10.2 - Cross-Site Scripting in Authentication Endpoint

CVE-2025-14663 LOW

Student File Management System 1.0 - XSS

CVE-2025-14662 LOW

Code-projects Student File Management System 1.0 - XSS

CVE-2025-14539 MEDIUM

Shortcode Ajax <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2025-67750 HIGH

lightning-flow-scanner < 6.10.6 - Remote Code Execution via Malicious Flow Metadata

CVE-2025-14580 LOW

Qualitor < 8.20.78 - Cross-Site Scripting via cdscript Parameter

CVE-2025-65854 CRITICAL

MineAdmin v3.x - OS Command Injection via Scheduled Tasks Feature

CVE-2025-12843 MEDIUM

waveterm 0.12.2 - Code Injection via Electron Fuses

CVE-2025-67727 CRITICAL

parse-server < 8.6.0-alpha.2 - Improper Privilege Management in GitHub CI Workflow

CVE-2025-14166 MEDIUM

WPMasterToolKit <2.13.0 - Code Injection

CVE-2025-14538 LOW

yangshare warehouseManager 1.1.0 - XSS

CVE-2025-13780 CRITICAL

pgAdmin < 9.10 - Remote Code Execution via PLAIN-Format Dump File Restore

CVE-2025-55313 HIGH

Foxit PDF & Editor <13.2,2025.2 - RCE

Previous Page 38 of 260 Next

Details

Vulnerabilities 6,477

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy