CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94
CVE-2025-9388 LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via watch_list.shtm Name Parameter
CVSS 3.5
CVE-2025-9306 LOW
SourceCodester Advanced School Management System 1.0 - XSS
CVSS 3.5
CVE-2025-9237 LOW
CodeAstro Ecommerce Website 1.0 - XSS
CVSS 3.5
CVE-2025-9235 LOW
Scada-LTS <= 2.7.8.1 - Stored Cross-Site Scripting via compound_events.shtm Name Parameter
CVSS 3.5
CVE-2025-9234 LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via maintenance_events.shtm Alias Parameter
CVSS 3.5
CVE-2025-9233 LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via view_edit.shtm Name Parameter
CVSS 3.5
CVE-2025-51991 HIGH
XWiki < 17.3.0 - Authenticated Server-Side Template Injection in HTTP Meta Info Field
CVSS 8.8
CVE-2025-54019 MEDIUM
Alone < 7.8.5 - Code Injection
CVSS 6.5
CVE-2025-53577 CRITICAL
Thehp Global DNS <3.1.0 - Code Injection
CVSS 10.0
CVE-2025-48169 CRITICAL
Jordy Meow Code Engine <0.3.3 - Code Injection
CVSS 9.9
CVE-2025-30975 HIGH
SaifuMak Add Custom Codes <4.80 - Code Injection
CVSS 7.5
CVE-2025-9171 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Clients Module Name Parameter
CVSS 3.5
CVE-2025-9170 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Tax Rates Module Name Parameter
CVSS 3.5
CVE-2025-9169 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Quote Module Name Parameter
CVSS 3.5
CVE-2025-9168 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Client Name in Invoice Creation Module
CVSS 3.5
CVE-2025-9167 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Recurring Invoice Client Name
CVSS 3.5
CVE-2025-55733 CRITICAL
DeepChat < 0.3.1 - Remote Code Execution via Custom URL Handler
CVSS 9.6
CVE-2025-9147 LOW
jasonclark getsemantic <040c96eb8cf9947488bd01b8de99b607b0519f7d - XSS
CVSS 3.5
CVE-2025-9145 LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via SVG File Handler backgroundImageMP Parameter
CVSS 3.5
CVE-2025-9144 LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via publisher_edit.shtm Name Parameter
CVSS 3.5
CVE-2025-9143 LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via mailing_lists.shtm name/userList/address Parameter
CVSS 3.5
CVE-2025-50567 CRITICAL
Saurus CMS CE 4.7.1 - SQL Injection
CVSS 10.0
CVE-2025-9138 LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via Point Hierarchy Title Parameter
CVSS 3.5
CVE-2025-9137 LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via Scheduled Events Alias Parameter
CVSS 3.5
CVE-2025-8723 CRITICAL
Cloudflare Image Resizing <1.5.6 - RCE
CVSS 9.8