CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,477 vulnerabilities with CWE-94
CVE-2025-34277
CRITICAL
Nagios Log Server < 2024R1.3.1 - Remote Code Execution via Malformed Dashboard ID
CVSS 9.8
CVE-2025-61196
HIGH
BusinessNext CRMnext <10.8.3.0 - RCE
CVSS 8.8
CVE-2025-50739
CRITICAL
iib0011 omni-tools <0.4.0 - Code Injection
CVSS 9.8
CVE-2025-56399
HIGH
alexusmai laravel-file-manager <3.3.1 - Authenticated RCE
CVSS 8.8
CVE-2025-12335
MEDIUM
code-projects E-Commerce Website 1.0 - Cross-Site Scripting via supp_name/supp_address Parameters
CVSS 4.3
CVE-2025-12332
LOW
SourceCodester Student Grades Management System 1.0 - Cross-Site Scripting in delete_user Function
CVSS 2.4
CVE-2025-12334
MEDIUM
E-Commerce Website 1.0 - Cross-Site Scripting via prod_name/prod_desc/prod_cost Parameters
CVSS 4.3
CVE-2025-12333
MEDIUM
E-Commerce Website 1.0 - Cross-Site Scripting via supp_name/supp_address Parameter
CVSS 4.3
CVE-2025-12330
LOW
Willow CMS < 1.4.0 - Cross-Site Scripting via Add Post Page Title/Body
CVSS 2.4
CVE-2025-12312
LOW
PHPGurukul Curfew e-Pass Management System 1.0 - Cross-Site Scripting via Fullname/Category Parameter
CVSS 2.4
CVE-2025-12311
LOW
PHPGurukul Curfew e-Pass Management System 1.0 - Cross-Site Scripting via edit-category-detail.php catname Parameter
CVSS 2.4
CVE-2025-12303
LOW
PHPGurukul Curfew e-Pass Management System 1.0 - Cross-Site Scripting via admin-profile.php adminname/email Parameter
CVSS 2.4
CVE-2025-12302
MEDIUM
Simple Food Ordering System 1.0 - Cross-Site Scripting via /editproduct.php pname/category/price Parameters
CVSS 4.3
CVE-2025-12300
MEDIUM
Simple Food Ordering System 1.0 - Cross-Site Scripting via cname Parameter in addcategory.php
CVSS 4.3
CVE-2025-12299
MEDIUM
Simple Food Ordering System 1.0 - Cross-Site Scripting via pname/category/price Parameters
CVSS 4.3
CVE-2025-12298
MEDIUM
Simple Food Ordering System 1.0 - Cross-Site Scripting via pname Parameter in editcategory.php
CVSS 4.3
CVE-2025-12290
MEDIUM
Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0 - XSS
CVSS 4.3
CVE-2025-12289
MEDIUM
Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0 - XSS
CVSS 4.3
CVE-2025-12282
LOW
Client Details System 1.0 - Cross-Site Scripting in /admin/manage-users.php
CVSS 2.4
CVE-2025-12281
LOW
Client Details System 1.0 - Cross-Site Scripting in /admin/clientview.php
CVSS 2.4
CVE-2025-12280
LOW
Client Details System 1.0 - Cross-Site Scripting in /update-clients.php
CVSS 2.4
CVE-2025-12279
LOW
Client Details System 1.0 - Cross-Site Scripting in /welcome.php
CVSS 2.4
CVE-2025-12269
LOW
LearnHouse < 2025-09-21 - Cross-Site Scripting in Account Setting Page
CVSS 3.5
CVE-2025-12267
MEDIUM
abhicodebox ModernShop <20250922 - XSS
CVSS 4.3
CVE-2025-12266
MEDIUM
Zytec Dalian Zhuoyun Technology Central Authentication Service <202...
CVSS 6.3
Details
Vulnerabilities
6,477
Exploit Likelihood
Medium