Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,491 vulnerabilities with CWE-94

CVE-2025-10075 LOW

SourceCodester Online Polling System 1.0 - Cross-Site Scripting via Firstname Parameter in manage-profile.php

CVE-2025-10074 LOW

Portabilis i-educar < 2.10.0 - Stored Cross-Site Scripting via Tipos de Usurio/Descrio Parameters

CVE-2025-10067 MEDIUM

POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter

CVE-2025-10066 MEDIUM

POS Point of Sale System 1.0 - Cross-Site Scripting in Dynamic Table Template

CVE-2025-10065 MEDIUM

POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter

CVE-2025-10064 MEDIUM

itsourcecode POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter

CVE-2025-10063 MEDIUM

POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter

CVE-2025-10032 MEDIUM

Campcodes Grocery Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter

CVE-2025-10029 LOW

itsourcecode POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter

CVE-2025-10028 LOW

POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter

CVE-2025-7366 HIGH

REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme ...

CVE-2025-58372 HIGH

Roo Code <3.25.23 - Command Injection

CVE-2025-10027 LOW

POS Point of Sale System 1.0 - Cross-Site Scripting via Scripts Argument

CVE-2025-10026 LOW

POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter

CVE-2025-58827 LOW

PickPlugins Job Board Manager <2.1.61 - Code Injection

CVE-2025-55305 MEDIUM

Electron <38.0.0-beta.6 - ASAR Integrity Bypass

CVE-2025-9940 LOW

CodeAstro Real Estate Management System 1.0 - Cross-Site Scripting via feature.php msg Parameter

CVE-2025-9939 LOW

CodeAstro Real Estate Management System 1.0 - Cross-Site Scripting via propertyview.php msg Parameter

CVE-2025-9931 MEDIUM

Jinher OA 1.0 - Cross-Site Scripting via Account Parameter in Password Change Handler

CVE-2025-9929 LOW

Responsive Blog Site 1.0 - Cross-Site Scripting via blogs_view.php Parameter Manipulation

CVE-2025-9519 HIGH

Easy Timer <4.2.1 - Authenticated RCE

CVE-2025-9517 HIGH

atec Debug <= 1.2.22 - Authenticated Remote Code Execution via Custom Log Parameter

CVE-2025-9923 MEDIUM

Campcodes Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter

CVE-2025-9959 HIGH

smolagents - Local Python Sandbox Escape via Dunder Attribute Validation Bypass

CVE-2025-9922 MEDIUM

Campcodes Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter

Previous Page 51 of 260 Next

Details

Vulnerabilities 6,491

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy