CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,488 vulnerabilities with CWE-94
CVE-2025-59954 CRITICAL
Knowage < 8.1.27 - Remote Code Execution via Unsafe JXPathContext in MetaService
CVSS 9.8
CVE-2025-59952 HIGH
MinIO Java SDK < 8.6.0 - Information Exposure via XML System Property Substitution
CVE-2025-11137 LOW
GstarCAD < 9.4.0 - Stored Cross-Site Scripting in File Renaming Handler
CVSS 3.5
CVE-2025-11134 LOW
Cudy TR1200 1.16.3-20230804-164635 - XSS
CVSS 2.4
CVE-2025-11125 MEDIUM
Langleyfcu Online Banking System <57437e6400ce0ae240e692c24e6346b8d...
CVSS 4.3
CVE-2025-11124 LOW
code-projects Project Monitoring System 1.0 - XSS
CVSS 3.5
CVE-2025-11119 MEDIUM
iSourcecode Hostel Management System 1.0 - XSS
CVSS 4.3
CVE-2025-11112 MEDIUM
PHPGurukul Employee Record Management System 1.3 - XSS
CVSS 4.3
CVE-2025-11069 LOW
westboy CicadasCMS 1.0 - Cross-Site Scripting via Add Department Handler Name Parameter
CVSS 2.4
CVE-2025-11068 LOW
westboy CicadasCMS 1.0 - Cross-Site Scripting via categoryName Parameter
CVSS 2.4
CVE-2025-11067 LOW
Projectworlds Visitor Management System 1.0 - XSS
CVSS 2.4
CVE-2025-11027 LOW
Vvveb < 1.0.7.2 - Cross-Site Scripting in SVG File Handler
CVSS 2.4
CVE-2025-11019 LOW
Total.js CMS < 19.9.0 - Cross-Site Scripting in Files Menu
CVSS 2.4
CVE-2025-60114 MEDIUM
YayCommerce YayCurrency <3.2 - Code Injection
CVSS 6.6
CVE-2025-10993 MEDIUM
muyucms < 2.7 - Remote Code Execution in Template Management
CVSS 4.7
CVE-2025-59823 CRITICAL
Gardener Extensions < 1.64.0 (AWS), < 1.55.0 (Azure), < 1.49.0 (OpenStack), < 1.46.0 (GCP) - Code Injection
CVSS 9.9
CVE-2025-10949 LOW
Changsha Developer Technology iView Editor <1.1.1 - XSS
CVSS 2.4
CVE-2025-10946 LOW
nuz007 smsboom <01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674 - XSS
CVSS 3.5
CVE-2025-10945 LOW
nuz007 smsboom - Cross-Site Scripting via d.php hm Argument
CVSS 3.5
CVE-2025-10944 LOW
yi-ge get-header-ip <589b23d0eb0043c310a6a13ce4bbe2505d0d0b15 - XSS
CVSS 3.5
CVE-2025-10943 LOW
MikeCen WeChat-Face-Recognition - XSS
CVSS 3.5
CVE-2025-10940 LOW
Total.js CMS 1.0.0 - Stored Cross-Site Scripting in Layout Page HTML Parameter
CVSS 2.4
CVE-2025-59251 HIGH
Microsoft Edge Chromium < 140.0.3485.81 - Remote Code Execution
CVSS 7.6
CVE-2025-10909 LOW
Mangati NovoSGA <= 2.2.9 - Cross-Site Scripting via SVG File Handler
CVSS 2.4
CVE-2025-23354 HIGH
NVIDIA Megatron-LM - Code Injection via Ensemble Classifier Script
CVSS 7.8