Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,477 vulnerabilities with CWE-94

CVE-2025-13450 LOW

SourceCodester Online Shop Project 1.0 - Cross-Site Scripting via f_name Parameter

CVE-2025-13415 LOW

easyimages2.0 < 2.8.6 - Cross-Site Scripting via SVG Image Handler File Parameter

CVE-2025-13412 LOW

Campcodes Retro Basketball Shoes Online Store 1.0 - Cross-Site Scripting via product_name Argument

CVE-2025-65099 CRITICAL

Claude Code < 1.0.39 - Unauthenticated Code Execution via Yarn Plugin

CVE-2025-65026 MEDIUM

esm.sh < 136 - Remote Code Execution via CSS Module Conversion Template Literal Injection

CVE-2025-10703 HIGH

Progress DataDirect - Code Injection

CVE-2025-10702 HIGH

Progress DataDirect - Code Injection

CVE-2025-13035 HIGH

WordPress Code Snippets <3.9.1 - Code Injection

CVE-2025-63693 MEDIUM

DzzOffice < 2.3.7 - Stored Cross-Site Scripting in Comment Editing Template

CVE-2025-37157 MEDIUM

ArubaOS-CX 10.10.0000-10.10.1169 - Authenticated Remote Code Execution via Command Injection

CVE-2025-33184 HIGH

NVIDIA Isaac-GR00T - Code Injection

CVE-2025-33183 HIGH

NVIDIA Isaac-GR00T - Code Injection

CVE-2025-13349 LOW

SourceCodester Student Grades Management System 1.0 - Stored Cross-Site Scripting in Grades.php Remarks Field

CVE-2025-13343 LOW

SourceCodester Interview Management System 1.0 - Cross-Site Scripting via Question Parameter in editQuestion.php

CVE-2025-7711 MEDIUM

The Classified Listing - Classified ads & Business Directory Plugin...

CVE-2025-13245 LOW

Student Information System 2.0 - Cross-Site Scripting in /editprofile.php

CVE-2025-13244 MEDIUM

Student Information System 2.0 - Cross-Site Scripting in /register.php

CVE-2025-13232 LOW

ProjectSend < r1720 - Cross-Site Scripting in File Editor/Custom Download Aliases

CVE-2025-13202 LOW

Simple Cafe Ordering System 1.0 - Cross-Site Scripting via product_name Parameter

CVE-2025-13186 LOW

bdtask isshue < 4.0 - Cross-Site Scripting via Search Argument in Customer Management

CVE-2025-13182 LOW

h3blog 1.0 - Cross-Site Scripting via Title Parameter in Category Add Function

CVE-2025-13181 LOW

h3blog 1.0 - Cross-Site Scripting via Name Argument in /admin/cms/material/add

CVE-2025-12762 CRITICAL

pgAdmin 4 < 9.10 - Remote Code Execution via PLAIN-format Dump File Restore

CVE-2025-12733 HIGH

WP All Import <3.9.6 - Authenticated RCE

CVE-2025-13058 LOW

extplorer < 2.1.15 - Cross-Site Scripting in Filename Handler

Previous Page 41 of 260 Next

Details

Vulnerabilities 6,477

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy