CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,457 vulnerabilities with CWE-94
CVE-2026-37713
HIGH
Dolibarr ERP/CRM 22.0.0-22.0.4 and 24.0.0-alpha - Remote Code Execution via commonobject.class.php
CVSS 7.3
CVE-2026-37712
HIGH
Dolibarr ERP/CRM 22.0.0-22.0.4 and 24.0.0-alpha - Remote Code Execution via cronjob.class.php call_user_func_array()
CVSS 7.3
CVE-2026-37711
HIGH
Dolibarr ERP/CRM 22.0.0-22.0.4 and 24.0.0-alpha - Remote Code Execution via htdocs/core/actions_addupdatedelete.inc.php
CVSS 7.3
CVE-2026-8832
HIGH
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
CVSS 8.8
CVE-2026-6169
HIGH
affiliate-toolkit <= 3.8.5 - Authenticated (Editor+) Remote Code Execution
CVSS 7.2
CVE-2026-9608
LOW
QianFox FoxCMS Administrator Backend edit cross site scripting
CVSS 2.4
CVE-2026-9568
MEDIUM
ThingsBoard YAML provision getGatewayDockerComposeFile code injection
CVSS 5.0
CVE-2026-9566
MEDIUM
teableio teable Sign-up LoginPage.tsx cross site scripting
CVSS 4.3
CVE-2026-9170
CRITICAL
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected DOS and RCE.
CVSS 9.8
CVE-2026-8855
HIGH
IBM HTTP Server is affected by multiple vulnerabilities
CVSS 8.1
CVE-2026-8633
CRITICAL
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server Plug-ins
CVSS 9.8
CVE-2026-44728
HIGH
Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs
CVSS 8.2
CVE-2026-9564
LOW
SourceCodester/oretnom23 Hospitals Patient Records Management System view_patient cross site scripting
CVSS 2.4
CVE-2026-42785
HIGH
OpenKM 6.3.12 Remote Code Execution via Administrative Scripting
CVSS 7.2
CVE-2026-9527
MEDIUM
itsourcecode Electronic Judging System judges.php cross site scripting
CVSS 4.3
CVE-2026-9520
MEDIUM
blitz-js blitz Sign-in LoginForm.tsx cross site scripting
CVSS 4.3
CVE-2026-9519
MEDIUM
stonith404 pingvin-share Sign-in Auto-Redirect signIn.tsx getServerSideProps cross site scripting
CVSS 4.3
CVE-2026-9518
MEDIUM
hemant6488 CodeIgniter-StudentManagementSystem Students Controller view_students.php addStudent cross site scripting
CVSS 4.3
CVE-2026-24937
HIGH
WordPress Broadcast Live Video plugin < 7.1.3 - Remote Code Execution (RCE) vulnerability
CVSS 7.2
CVE-2026-9485
LOW
SourceCodester Student Grades Management System students.php cross site scripting
CVSS 3.5
CVE-2026-9471
LOW
yashpokharna2555 StudentManagementSystem student.php cross site scripting
CVSS 3.5
CVE-2026-9448
MEDIUM
code-projects Employee Management System applyleave.php cross site scripting
CVSS 4.3
CVE-2026-9419
MEDIUM
code-projects Employee Management System empproject.php cross site scripting
CVSS 4.3
CVE-2026-9418
MEDIUM
code-projects Employee Management System changepassemp.php cross site scripting
CVSS 4.3
CVE-2026-9417
MEDIUM
code-projects Employee Management System myprofileup.php cross site scripting
CVSS 4.3
Details
Vulnerabilities: 6,457
Exploit Likelihood: Medium