CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94
CVE-2025-30056 CRITICAL
CGM CLININET <= 2024.MS4.33 - Code Injection
CVE-2025-30055 CRITICAL
CGM CLININET < 2024.MS4 - Remote Code Execution via Module Parameter
CVE-2025-2313 CRITICAL
CGM CLININET < 2025.MS1 - Remote Code Execution via Print.pl CopyCounter Parameter
CVE-2025-23315 HIGH
NVIDIA NeMo < 2.4.0 - Code Injection in Export and Deploy Component
CVSS 7.8
CVE-2025-23314 HIGH
NVIDIA NeMo < 2.4.0 - Code Injection in NLP Component
CVSS 7.8
CVE-2025-23313 HIGH
NVIDIA NeMo < 2.4.0 - Code Injection in NLP Component
CVSS 7.8
CVE-2025-23312 HIGH
NVIDIA NeMo < 2.4.0 - Code Injection in Retrieval Services Component
CVSS 7.8
CVE-2025-23307 HIGH
NVIDIA NeMo Curator < 25.07 - Code Injection via Malicious File
CVSS 7.8
CVE-2025-52218 HIGH
SelectZero Data Observability Platform < 2025.5.2 - Content Spoofing via Login Page Parameter Injection
CVSS 7.5
CVE-2025-53419 HIGH
Delta Electronics COMMGR - Code Injection
CVSS 7.8
CVE-2025-9440 MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9439 MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9438 MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9434 MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9433 MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Admin Panel Name Parameter
CVSS 4.3
CVE-2025-9432 MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Admin Panel Title Parameter
CVSS 4.3
CVE-2025-9431 MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Search Endpoint kw Parameter
CVSS 4.3
CVE-2025-9430 LOW
mtons mblog < 3.5.0 - Cross-Site Scripting via /admin/options/update Input Parameter
CVSS 2.4
CVE-2025-9429 LOW
mblog < 3.5.0 - Cross-Site Scripting via Post Handler Content/Title Parameter
CVSS 3.5
CVE-2025-9422 LOW
oitcode samarium <= 0.9.6 - Cross-Site Scripting in Team Image Handler
CVSS 2.4
CVE-2025-9416 LOW
oitcode samarium <= 0.9.6 - Cross-Site Scripting in Pages Image Handler
CVSS 2.4
CVE-2025-57773 CRITICAL
DataEase < 2.10.12 - Deserialization of Untrusted Data via JNDI Injection
CVSS 9.8
CVE-2025-57772 CRITICAL
DataEase < 2.10.12 - Remote Code Execution via H2 JDBC URL Bypass
CVSS 9.8
CVE-2025-9407 LOW
mblog < 3.5.0 - Cross-Site Scripting via Profile Settings Signature Parameter
CVSS 3.5
CVE-2025-9404 LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via pointHierarchySLTS Title Parameter
CVSS 2.4