Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,488 vulnerabilities with CWE-94

CVE-2025-10057 HIGH

WP Import - Ultimate CSV XML Importer <7.28 - RCE

CVE-2025-10584 LOW

Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_anotacao/descricao Parameter

CVE-2025-10566 MEDIUM

Campcodes Grocery Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter

CVE-2025-41243 CRITICAL

Spring Cloud Gateway Server Webflux - Info Disclosure

CVE-2025-10485 MEDIUM

pojoin h3blog <5bf704425ebc11f4c24da51f32f36bb17ae20489 - XSS

CVE-2025-10434 LOW

IbuyuCMS <= 2.6.3 - Cross-Site Scripting via Article Title Parameter

CVE-2025-10411 MEDIUM

E-Logbook with Health Monitoring System for COVID-19 1.0 - Cross-Site Scripting via profile_id Parameter

CVE-2025-10394 MEDIUM

fcba_zzm Smart Park Management System 2.0 - Remote Code Injection in Scheduled Task Module

CVE-2025-10388 LOW

Selleo Mentingo 2025.08.27 - Cross-Site Scripting via Create New Course Description Parameter

CVE-2025-10386 MEDIUM

Yida ECMS Consulting Enterprise Management System 1.0 - XSS

CVE-2025-10373 LOW

Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_tipo Argument

CVE-2025-10372 LOW

Portabilis i-educar < 2.10.0 - Cross-Site Scripting via nm_tipo/descricao Parameter

CVE-2025-10370 LOW

sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting via Custom Script Parameter

CVE-2025-10369 LOW

sourcefabric/rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in cardRegisterNew.php

CVE-2025-10368 LOW

sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in manageFilesFolders.php

CVE-2025-10367 LOW

sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in cardEdit.php

CVE-2025-10366 LOW

sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting via Email Address Parameter

CVE-2025-10340 LOW

WhatCD Gazelle <63b337026d49b5cf63ce4be20fdabdc880112fa3 - XSS

CVE-2025-10332 LOW

unmark < 1.9.3 - Cross-Site Scripting via Title Parameter

CVE-2025-10331 LOW

unmark < 1.9.3 - Cross-Site Scripting via Title Parameter

CVE-2025-10330 MEDIUM

unmark < 1.9.3 - Cross-Site Scripting via Search Query Parameter

CVE-2025-10274 MEDIUM

10oa 1.0 - Cross-Site Scripting via Name Parameter in /trial/mvc/item

CVE-2025-10272 MEDIUM

10oa 1.0 - Cross-Site Scripting via Name Parameter in /trial/mvc/catalogue

CVE-2025-10271 MEDIUM

10oa 1.0 - Cross-Site Scripting via Name Parameter

CVE-2025-59053 CRITICAL

AIRI 0.7.2-beta.2 - Stored Cross-Site Scripting and Remote Code Execution via Malicious Card File

Previous Page 49 of 260 Next

Details

Vulnerabilities 6,488

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy