Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,488 vulnerabilities with CWE-94

CVE-2025-12299 MEDIUM

Simple Food Ordering System 1.0 - Cross-Site Scripting via pname/category/price Parameters

CVE-2025-12298 MEDIUM

Simple Food Ordering System 1.0 - Cross-Site Scripting via pname Parameter in editcategory.php

CVE-2025-12290 MEDIUM

Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0 - XSS

CVE-2025-12289 MEDIUM

Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0 - XSS

CVE-2025-12282 LOW

Client Details System 1.0 - Cross-Site Scripting in /admin/manage-users.php

CVE-2025-12281 LOW

Client Details System 1.0 - Cross-Site Scripting in /admin/clientview.php

CVE-2025-12280 LOW

Client Details System 1.0 - Cross-Site Scripting in /update-clients.php

CVE-2025-12279 LOW

Client Details System 1.0 - Cross-Site Scripting in /welcome.php

CVE-2025-12269 LOW

LearnHouse < 2025-09-21 - Cross-Site Scripting in Account Setting Page

CVE-2025-12267 MEDIUM

abhicodebox ModernShop <20250922 - XSS

CVE-2025-12266 MEDIUM

Zytec Dalian Zhuoyun Technology Central Authentication Service <202...

CVE-2025-12264 LOW

Wisencode < 20251012 - Cross-Site Scripting via Message Parameter in Support Ticket Handler

CVE-2025-12251 LOW

OpenWGA 7.11.12 Build 737 - Cross-Site Scripting in Admin UI

CVE-2025-12246 MEDIUM

chatwoot < 4.7.0 - Cross-Site Scripting via IframeLoader Link Argument

CVE-2025-12244 MEDIUM

Simple E-Banking System 1.0 - Cross-Site Scripting via Username Parameter in Register Page

CVE-2025-12231 LOW

projectworlds Expense Management System 1.0 - Cross-Site Scripting in Expense Categories Page

CVE-2025-12230 LOW

projectworlds Expense Management System 1.0 - Cross-Site Scripting in Currency Page

CVE-2025-12229 LOW

projectworlds Expense Management System 1.0 - Cross-Site Scripting in Roles Page

CVE-2025-12228 LOW

projectworlds Expense Management System 1.0 - Cross-Site Scripting in Users Page

CVE-2025-12227 LOW

projectworlds Gate Pass Management System 1.0 - Cross-Site Scripting in /add-pass.php

CVE-2025-12224 LOW

php-business-website <10677743a8dfc281f85291a27cf63a0bce043c24 - XSS

CVE-2025-62959 CRITICAL

videowhisper Paid Videochat Turnkey Site <7.3.22 - Code Injection

CVE-2025-8483 MEDIUM

The Discussion Board - WordPress Forum Plugin <2.5.5 - RCE

CVE-2025-61136 HIGH

axewater sharewarez <2.4.3 - Host Header Injection

CVE-2025-62023 CRITICAL

s2Member <= 250905 - Remote Code Execution

Previous Page 44 of 260 Next

Details

Vulnerabilities 6,488

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy