Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,477 vulnerabilities with CWE-94

CVE-2025-14005 LOW

xunruicms < 4.7.1 - Cross-Site Scripting via data[name] Parameter in Add Display Name Field

CVE-2025-66222 CRITICAL

DeepChat < 0.5.0 - Stored Cross-Site Scripting and Remote Code Execution via Mermaid Diagram Renderer

CVE-2025-13486 CRITICAL

Advanced Custom Fields: Extended <0.9.1.1 - RCE

CVE-2025-13658 CRITICAL

Longwatch Devices - Unauthenticated Endpoint SYSTEM Code Execution

CVE-2025-66448 HIGH

vllm < 0.11.1 - Remote Code Execution via Nemotron_Nano_VL_Config Auto-Map Instantiation

CVE-2025-66299 HIGH

Grav < 1.8.0-beta.27 - Authenticated Server-Side Template Injection via Twig Directive Manipulation

CVE-2025-66294 HIGH

Grav < 1.8.0-beta.27 - Server-Side Template Injection via Weak Twig Validation

CVE-2025-13802 MEDIUM

jairiidriss RestaurantWebsite - XSS

CVE-2025-13795 LOW

codingWithElias School Management System <f1ac334bfd89ae9067cc14dea...

CVE-2025-13793 MEDIUM

Winston-dsouza Ecommerce-Website <87734c043269baac0b4cfe96647844621...

CVE-2025-13792 HIGH

Qualitor <8.20.104/8.24.97 - Code Injection

CVE-2025-13786 HIGH

wtcms < 2019-12-20 - Remote Code Execution via Index.php Content Argument

CVE-2025-13784 LOW

yungifez Skuul < 2.6.5 - Cross-Site Scripting via SVG File Handler in Dashboard Edit

CVE-2025-66224 HIGH

OrangeHRM 5.0-5.7 - OS Command Injection via Sendmail Command Construction

CVE-2025-59302 MEDIUM

Apache CloudStack 4.18.0-4.20.1 and 4.21.0-4.21.9 - Authenticated Code Injection via Admin APIs

CVE-2025-62593 CRITICAL

Ray < 2.52.0 - Remote Code Execution via DNS Rebinding and User-Agent Spoofing

CVE-2025-33204 HIGH

NVIDIA NeMo Framework - Code Injection

CVE-2025-64050 HIGH

REDAXO CMS 5.20.0 - Authenticated Remote Code Execution via Template Management PHP Injection

CVE-2025-6389 CRITICAL

Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution via sneeit_articles_pagination_callback

CVE-2025-13584 LOW

Eigenfocus < 1.4.1 - Cross-Site Scripting via Description Handler

CVE-2025-13577 LOW

PHPGurukul Hostel Management System 2.1 - Cross-Site Scripting via cdetails Parameter

CVE-2025-65108 CRITICAL

md-to-pdf < 5.2.5 - Remote Code Execution via Markdown Front-Matter JavaScript Delimiter

CVE-2025-13484 LOW

Campcodes Beauty Parlor Management System 1.0 - XSS via Name Parameter in /admin/customer-list.php

CVE-2025-12120 HIGH

Lite XL < 2.1.8 - Unauthenticated Remote Code Execution via .lite_project.lua File

CVE-2025-13469 LOW

Public Knowledge Project omp/ojs <3.5.0 - XSS

Previous Page 40 of 260 Next

Details

Vulnerabilities 6,477

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy