Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,491 vulnerabilities with CWE-94

CVE-2025-9921 LOW

code-projects POS Pharmacy System 1.0 - Cross-Site Scripting via product_code/gen_name/product_name/supplier Parameters

CVE-2025-58176 HIGH

Dive 0.9.0-0.9.3 - Remote Code Execution via Custom URL Transport Parameter

CVE-2025-9845 LOW

Fruit Shop Management System 1.0 - Cross-Site Scripting via products.php Parameter Manipulation

CVE-2025-9834 LOW

PHPGurukul Small CRM 4.0 - Stored Cross-Site Scripting via Username Parameter in Registration

CVE-2025-9796 LOW

JeeSite < 5.13.0 - Cross-Site Scripting via EncodeUtils.decodeUrl2

CVE-2025-9773 MEDIUM

RemoteClinic < 2.0 - Cross-Site Scripting via Last Name Parameter in Staff Edit Page

CVE-2025-9755 MEDIUM

khanakag-17 library_management_system < 2025-08-23 - Cross-Site Scripting via msg Parameter

CVE-2025-9754 LOW

Campcodes Online Hospital Management System 1.0 - Stored Cross-Site Scripting via Edit Profile Username Field

CVE-2025-9753 LOW

Campcodes Online Hospital Management System 1.0 - Cross-Site Scripting in Patient Search Module

CVE-2025-9746 LOW

Campcodes Hospital Management System 1.0 - Stored Cross-Site Scripting in Edit Doctor Specialization Page

CVE-2025-9738 LOW

Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_tipo Argument in educar_tipo_ensino_cad.php

CVE-2025-9737 LOW

O2OA <10.0-410 - XSS

CVE-2025-9736 LOW

O2OA <10.0-410 - XSS

CVE-2025-9735 LOW

O2OA <10.0-410 - XSS

CVE-2025-9734 LOW

O2OA <10.0-410 - XSS

CVE-2025-9728 MEDIUM

Vvveb 1.0.7.2 - Cross-Site Scripting via Email/Password Argument

CVE-2025-9724 LOW

Portabilis i-educar < 2.10 - Cross-Site Scripting via nm_nivel/descricao Parameter

CVE-2025-9723 LOW

Portabilis i-Educar <= 2.10 - Cross-Site Scripting via nm_tipo Argument

CVE-2025-9722 LOW

Portabilis i-Educar <= 2.10 - Cross-Site Scripting via nm_tipo/descricao Parameter

CVE-2025-9721 LOW

Portabilis i-Educar < 2.10 - Cross-Site Scripting via FormulaMedia Edit Function

CVE-2025-9720 LOW

Portabilis i-educar < 2.10 - Cross-Site Scripting via Nome Parameter in Cadastrar tabela de arredondamento Page

CVE-2025-9719 LOW

O2OA <10.0-410 - XSS

CVE-2025-9718 LOW

O2OA <10.0-410 - XSS

CVE-2025-9717 LOW

O2OA <10.0-410 - XSS

CVE-2025-9716 LOW

O2OA <10.0-410 - XSS

Previous Page 52 of 260 Next

Details

Vulnerabilities 6,491

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy