Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,477 vulnerabilities with CWE-94

CVE-2025-14519 LOW

baowzh hfly <638ff9abe9078bc977c132b37acbe1900b63491c - XSS

CVE-2025-67509 HIGH

neuron-ai < 2.8.12 - Arbitrary File Write via MySQLSelectTool INTO OUTFILE Bypass

CVE-2025-66474 HIGH

XWiki Rendering < 16.10.10, 17.0.0-rc-1-17.4.2, 17.5.0-rc-1-17.5.0 - Remote Code Execution via HTML Macro Injection

CVE-2025-65294 CRITICAL

Aqara Hub M2/M3/Camera Hub G3 - Unauthenticated Remote Code Execution via Undocumented Remote Access Mechanism

CVE-2025-65829 MEDIUM

Meatmeet ESP32 SoC - Privilege Escalation

CVE-2025-65602 CRITICAL

ChanCMS 3.3.4 - Unauthenticated Remote Code Execution via Template Injection in /vip/v1/file/save

CVE-2025-67489 CRITICAL

vitejs/plugin-rsc < 0.5.6 - Remote Code Execution via Unsafe Dynamic Imports in Server Function APIs

CVE-2025-66457 HIGH

Elysia < 1.4.18 - Remote Code Execution via Cookie Config Injection

CVE-2025-66533 MEDIUM

StellarWP GiveWP <4.13.2 - Code Injection

CVE-2025-42880 CRITICAL

SAP Solution Manager - Code Injection

CVE-2025-14324 CRITICAL

Firefox < 115.31.0, 140.6-145.9, 146 - Remote Code Execution via JIT Miscompilation

CVE-2025-13642 MEDIUM

WordPress ProfilePress <= 4.16.7 - Subscriber Shortcode Execution

CVE-2025-66481 CRITICAL

deepchat < 0.5.1 - Stored Cross-Site Scripting via Mermaid Content Bypass

CVE-2025-65271 HIGH

Azuriom < 1.2.7 - Authenticated Client-Side Template Injection via Admin Dashboard

CVE-2025-14244 LOW

GreenCMS 2.3.0603 - Cross-Site Scripting via Menu Management Page Link Parameter

CVE-2025-14228 LOW

Yealink SIP-T21P E2 52.84.0.15 - Cross-Site Scripting in Local Directory Page

CVE-2025-14221 LOW

SourceCodester Online Banking System 1.0 - XSS

CVE-2025-14205 LOW

Chamber of Commerce Membership Management System 1.0 - XSS

CVE-2025-14201 LOW

Alokjaiswal Hotel-management-services-using-mysql-and-php < 2018-11-08 - Code Injection

CVE-2025-14200 LOW

alokjaiswal Hotel-Management-services-using-MYSQL-and-php - Cross-Site Scripting in Request Pending Page

CVE-2025-14194 LOW

Employee Profile Management System 1.0 - XSS

CVE-2025-66562 CRITICAL

TUUI <1.3.4 - Remote Code Execution

CVE-2025-14013 LOW

jizhicms < 2.5.5 - Stored Cross-Site Scripting via Comment Handler Body Parameter

CVE-2025-14007 LOW

xunruicms < 4.7.1 - Cross-Site Scripting via Domain Name Binding Page

CVE-2025-14006 LOW

xunruicms < 4.7.1 - Cross-Site Scripting via Data Validation Page

Previous Page 39 of 260 Next

Details

Vulnerabilities 6,477

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy