CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,488 vulnerabilities with CWE-94
CVE-2025-23353 HIGH
NVIDIA Megatron-LM - Code Injection via MSDP Preprocessing Script
CVSS 7.8
CVE-2025-23349 HIGH
NVIDIA Megatron-LM - Code Injection in tasks/orqa/unsupervised/nq.py
CVSS 7.8
CVE-2025-23348 HIGH
NVIDIA Megatron-LM < 0.12.3 - Code Injection via Pretrain_GPT Script
CVSS 7.8
CVE-2025-5717 MEDIUM
WSO2 API Control Plane and API Manager - Authenticated Remote Code Execution via Siddhi Execution Plan
CVSS 6.8
CVE-2025-9321 CRITICAL
WPCasa < 1.4.1 - Unauthenticated Code Injection via api_requests Function
CVSS 9.8
CVE-2025-10837 LOW
Simple Food Ordering System 1.0 - Cross-Site Scripting via ID Parameter in order.php
CVSS 3.5
CVE-2025-10827 MEDIUM
PHPJabbers Restaurant Menu Maker <= 1.1 - Cross-Site Scripting via Preview Theme Parameter
CVSS 4.3
CVE-2025-59528 CRITICAL
Flowise 3.0.5 - Remote Code Execution via CustomMCP Node Configuration Parsing
CVSS 10.0
CVE-2025-58673 MEDIUM
Tareq Hasan WP User Frontend < 4.1.11 - Code Injection
CVSS 5.4
CVE-2025-57439 HIGH
Creacast Creabox Manager 4.4.4 - Authenticated Remote Code Execution via edit.php Lua Injection
CVSS 8.8
CVE-2025-10794 MEDIUM
PHPGurukul Car Rental Project 3.0 - Cross-Site Scripting via search.php autofocus Parameter
CVSS 4.3
CVE-2025-10758 LOW
htmly < 3.1.0 - Cross-Site Scripting via Custom Field Handler Label Parameter
CVSS 2.4
CVE-2025-54815 HIGH
PPress 0.0.9 - Server-Side Template Injection via Crafted Themes
CVSS 8.8
CVE-2025-57644 CRITICAL
Accela Automation Platform 22.2.3.0.230103 - RCE & Arbitrary File Write via Test Script
CVSS 9.1
CVE-2025-10711 MEDIUM
07FLYCMS, 07FLY-CMS, 07FlyCRM < 20250831 - XSS
CVSS 4.3
CVE-2025-10710 MEDIUM
07FLYCMS 07FLY-CMS 07FlyCRM < 20250831 - Cross-Site Scripting via Name Parameter
CVSS 4.3
CVE-2025-10642 LOW
wangchenyi1996 chat_forum - Cross-Site Scripting via Path Parameter in q.php
CVSS 3.5
CVE-2025-10632 LOW
Online Petshop Management System 1.0 - Stored Cross-Site Scripting in Admin Dashboard via availableframe.php
CVSS 3.5
CVE-2025-10631 LOW
Online Petshop Management System 1.0 - Stored Cross-Site Scripting via addcnp.php Name/Description Parameter
CVSS 3.5
CVE-2025-10614 MEDIUM
E-Logbook with Health Monitoring System for COVID-19 1.0 - Cross-Site Scripting via profile_id Parameter
CVSS 4.3
CVE-2025-58766 CRITICAL
dyad < 0.20.0 - Remote Code Execution via Preview Window
CVSS 9.0
CVE-2025-10606 MEDIUM
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via tipoacao Parameter in ConfiguracaoMovimentoGeral
CVSS 4.3
CVE-2025-10605 MEDIUM
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via tipoacao Parameter in agenda_preferencias.php
CVSS 4.3
CVE-2025-10591 LOW
Portabilis i-educar < 2.10.0 - Stored Cross-Site Scripting via educar_funcao_cad.php abreviatura/tipoacao Parameters
CVSS 3.5
CVE-2025-10590 MEDIUM
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via ref_pessoa Parameter
CVSS 4.3