Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,491 vulnerabilities with CWE-94

CVE-2025-9715 LOW

O2OA <10.0-410 - XSS

CVE-2025-9683 LOW

O2OA <10.0-410 - XSS

CVE-2025-9682 LOW

O2OA <10.0-410 - XSS

CVE-2025-9681 LOW

O2OA <10.0-410 - XSS

CVE-2025-9680 LOW

O2OA <10.0-410 - XSS

CVE-2025-58159 CRITICAL

WeGIA < 3.4.11 - Remote Code Execution via Unrestricted PHP File Upload

CVE-2025-9659 LOW

O2OA <10.0-410 - XSS

CVE-2025-9658 LOW

O2OA <10.0-410 - XSS

CVE-2025-9657 LOW

O2OA <10.0-410 - XSS

CVE-2025-9656 MEDIUM

PHPGurukul Directory Management System 2.0 - XSS

CVE-2025-9655 LOW

O2OA <10.0-410 - XSS

CVE-2025-9653 LOW

Portabilis i-Educar <= 2.10 - Cross-Site Scripting via Cadastrar projeto Page

CVE-2025-9652 LOW

Portabilis i-Educar < 2.10 - Cross-Site Scripting via nm_tipo/desc_tipo Parameter

CVE-2025-9647 MEDIUM

mtons mblog < 3.5.0 - Cross-Site Scripting via /admin/role/list Name Parameter

CVE-2025-9646 LOW

O2OA <10.0-410 - XSS

CVE-2025-9595 MEDIUM

code-projects Student Information Management System 1.0 - XSS

CVE-2025-9591 LOW

ZrLog <= 3.1.5 - Cross-Site Scripting via Theme Configuration Form FooterLink

CVE-2025-9590 LOW

Weaver E-Mobile Mobile Management Platform <20250813 - XSS

CVE-2025-54731 HIGH

YouTube Showcase <3.5.1 - Code Injection

CVE-2025-48100 CRITICAL

extremeidea bidorbuy Store Integrator <2.12.0 - Code Injection

CVE-2025-5101 MEDIUM

GitLab < 18.1.5, 18.2 < 18.2.5, 18.3 < 18.3.1 - Authenticated Code Injection via Branch/Tag Ambiguity

CVE-2025-34159 HIGH

Coolify < 4.0.0-beta.420.6 - Authenticated Remote Code Execution via Docker Compose Directive Injection

CVE-2025-52122 CRITICAL

Freeform 5.0.0-5.10.15 - Server-Side Template Injection via Form Submission Title

CVE-2025-30057 CRITICAL

CGM CLININET < 2024.MS4 - Remote Code Execution via UHCRTFDoc Filename Parameter

CVE-2025-30056 CRITICAL

CGM CLININET <= 2024.MS4.33 - Code Injection

Previous Page 53 of 260 Next

Details

Vulnerabilities 6,491

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy