Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,477 vulnerabilities with CWE-94

CVE-2025-33178 HIGH

NVIDIA NeMo Framework - Code Injection

CVE-2025-23361 HIGH

NVIDIA NeMo < 2.5.0 - Code Injection via Malicious Input

CVE-2025-23357 HIGH

NVIDIA Megatron-LM - Code Injection

CVE-2025-12813 CRITICAL

Holiday class post calendar plugin - RCE

CVE-2025-12637 HIGH

Elastic Theme Editor <0.0.4 - Code Injection

CVE-2025-42895 MEDIUM

SAP HANA JDBC Client - Code Injection

CVE-2025-42887 CRITICAL

SAP Solution Manager - Code Injection

CVE-2025-12920 LOW

FoxCMS < 1.2.16 - Cross-Site Scripting via Product Title Parameter

CVE-2025-9334 HIGH

Better Find and Replace - AI-Powered Suggestions <1.7.7 - Code Inje...

CVE-2025-49372 CRITICAL

VillaTheme HAPPY <1.0.8 - Code Injection

CVE-2025-47588 CRITICAL

acowebs Dynamic Pricing With Discount Rules for WooCommerce <4.5.9 ...

CVE-2025-32222 CRITICAL

Widget Logic <6.0.5 - Code Injection

CVE-2025-11093 HIGH

WSO2 API Control Plane 4.5.0-4.5.0.28 - Authenticated Remote Code Execution via GraalJS and NashornJS Script Mediator

CVE-2025-12735 CRITICAL

expr-eval - Crafted Context Object Code Execution

CVE-2025-64108 HIGH

Cursor < 2.0 - Path Traversal and Remote Code Execution via NTFS Path Quirks

CVE-2025-62369 HIGH

Xibo 4.1.0-4.3.0 - Authenticated Remote Code Execution via CMS Developer Module Templating

CVE-2025-64321 MEDIUM

Salesforce Agentforce Vibes < 3.3.0 - Code Injection via LLM Prompt Manipulation

CVE-2025-64320 MEDIUM

Salesforce Agentforce Vibes < 3.2.0 - Code Injection via LLM Prompt

CVE-2025-64318 MEDIUM

Mulesoft Anypoint Code Builder < 1.12.1 - Code Injection via LLM Prompt Manipulation

CVE-2025-10875 MEDIUM

Mulesoft Anypoint Code Builder < 1.11.6 - Code Injection via LLM Prompt

CVE-2025-60785 HIGH

iceScrum v7.54 Pro On-prem - Remote Code Execution via Postgres Drivers

CVE-2025-6990 HIGH

Kallyas Theme <4.24.0 - Authenticated RCE

CVE-2025-10487 HIGH

Advanced Ads WordPress Plugin <=2.0.12 - Unauthenticated AJAX Function Exposure

CVE-2025-12546 LOW

LogicalDOC Community Edition <9.2.1 - XSS

CVE-2025-48984 HIGH

Veeam Backup & Replication 12.0.0.1402 through 12.3.2.4165 - Authenticated Remote Code Execution

Previous Page 42 of 260 Next

Details

Vulnerabilities 6,477

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy