Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,184 vulnerabilities with CWE-94

CVE-2026-6619 LOW

langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting

CVE-2026-41282 MEDIUM

ProjectDiscovery Nuclei <3.8.0 - DSL Injection

CVE-2026-6603 HIGH

modelscope agentscope _python.py execute_shell_command code injection

CVE-2026-6600 LOW

langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting

CVE-2026-6594 HIGH

brikcss merge prototype pollution

CVE-2026-6593 LOW

ComfyUI View Endpoint server.py cross site scripting

CVE-2026-6592 LOW

ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting

CVE-2026-6559 MEDIUM

Wavlink WL-WN579A3 login.cgi sub_401F80 cross site scripting

CVE-2026-41242 CRITICAL

protobufjs has an arbitrary code execution issue

CVE-2026-40342 CRITICAL

Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution

CVE-2026-6493 LOW

lukevella rallly Reset Password reset-password-form.tsx cross site scripting

CVE-2026-6486 LOW

classroombookings User Display Name layout.php read cross site scripting

CVE-2026-40322 CRITICAL

SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE

CVE-2026-40316 HIGH

OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow

CVE-2026-33435 HIGH

Weblate: Remote code execution during backup restoration

CVE-2026-30993 CRITICAL

Slah CMS <=1.5.0 - RCE

CVE-2026-39842 CRITICAL

OpenRemote is Vulnerable to Expression Injection

CVE-2026-1509 MEDIUM

Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

CVE-2026-25125 MEDIUM

October CMS: Environment Variable Exfiltration via INI Parser Interpolation

CVE-2026-2582 MEDIUM

Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution

CVE-2026-40288 CRITICAL

PraisonAI: Critical RCE via `type: job` workflow YAML

CVE-2026-40287 HIGH

PraisonAI has RCE via Automatic tools.py Import

CVE-2026-39421 MEDIUM

MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect

CVE-2026-27675 LOW

Code Injection vulnerability in SAP Landscape Transformation

CVE-2026-27674 MEDIUM

Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)

Previous Page 4 of 248 Next

Details

Vulnerabilities 6,184

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy