Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,488 vulnerabilities with CWE-94

CVE-2025-11433 LOW

itsourcecode Leave Management System 1.0 - XSS

CVE-2025-11425 LOW

Advanced Library Management System 1.0 - XSS

CVE-2025-11421 LOW

Code-projects Voting System 1.0 - XSS

CVE-2025-11390 MEDIUM

PHPGurukul Cyber Cafe Management System 1.0 - XSS

CVE-2025-11360 MEDIUM

Jakowenko double-take <1.13.1 - XSS

CVE-2025-61774 CRITICAL

PyVista 0.46.3 - Remote Code Execution via Dependency Confusion

CVE-2025-11344 MEDIUM

ILIAS <= 8.23/9.13/10.1 - Remote Code Execution in Certificate Import Handler

CVE-2025-11333 LOW

Langleyfcu Online Banking System - XSS

CVE-2025-11332 LOW

CmsEasy < 7.7.7.0 - Cross-Site Scripting via PHP_SELF Parameter

CVE-2025-11308 LOW

Vanderlande Baggage 360 7.0.0 - XSS

CVE-2025-11306 MEDIUM

qianfox FoxCMS <= 1.2 - Cross-Site Scripting via Search Page Keyword Parameter

CVE-2025-11291 MEDIUM

ixmaps website2017 <0c71cffa0162186bc057a76766bc97e9f5a3a2d0 - XSS

CVE-2025-11289 LOW

CicadasCMS <2431154dac8d0735e04f1fd2a3c3556668fc8dab - XSS

CVE-2025-11283 LOW

Frappe LMS 2.35.0 - Cross-Site Scripting via Course Description Handler

CVE-2025-11282 LOW

Frappe LMS 2.34.x-2.35.0 - Cross-Site Scripting

CVE-2025-11278 MEDIUM

AllStarLink Supermon < 6.2 - Cross-Site Scripting in AllMon2

CVE-2025-11276 LOW

Rebuild < 4.1.4 - Cross-Site Scripting in Comment/Guestbook

CVE-2025-54374 HIGH

Eidos < 0.21.0 - Remote Code Execution via Custom URL Handler

CVE-2025-46818 MEDIUM

Redis < 6.2.20 - Authenticated Code Injection via Lua Script Manipulation

CVE-2025-61593 HIGH

Cursor < 1.7 - Remote Code Execution via CLI Agent File Modification

CVE-2025-61590 HIGH

Cursor <1.6 - Remote Code Execution

CVE-2025-59536 HIGH

Claude Code < 1.0.111 - Code Injection via Startup Trust Dialog Bypass

CVE-2025-61588 CRITICAL

risc0-zkvm-platform < 2.1.0 - Arbitrary Code Execution via sys_read Response

CVE-2025-56588 HIGH

Dolibarr ERP & CRM < 21.0.3 - Remote Code Execution via User Module Computed Field Parameter

CVE-2025-11153 HIGH

Firefox < 143.0.3 - Buffer Overflow

Previous Page 46 of 260 Next

Details

Vulnerabilities 6,488

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy