Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94

CVE-2025-9119 LOW

Netis WF2419 1.2.29433 - Cross-Site Scripting via SSID Parameter in Wireless Settings Page

CVE-2025-9107 MEDIUM

Portabilis i-Diario < 1.5.0 - Cross-Site Scripting via Search Autocomplete Parameter

CVE-2025-9106 LOW

Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Contedos/Objetivos Parameters

CVE-2025-9105 LOW

Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Contedos/Objetivos Parameters

CVE-2025-9104 LOW

Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Objeto de Conhecimento/Habilidades Parameters

CVE-2025-9103 LOW

ZenCart 2.1.0 - Cross-Site Scripting in CKEditor

CVE-2025-9101 LOW

zhenfeng13 My-Blog <= 1.0.0 - Cross-Site Scripting in Tag Handler

CVE-2025-9096 LOW

ExpressGateway express-gateway <= 1.16.10 - Cross-Site Scripting in REST Endpoint

CVE-2025-9095 LOW

ExpressGateway express-gateway <= 1.16.10 - Cross-Site Scripting in REST Endpoint

CVE-2025-8878 MEDIUM

WordPress ProfilePress <= 4.16.4 - Unauthenticated Shortcode Execution

CVE-2025-8105 HIGH

Soledad < 8.6.7 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2025-7961 MEDIUM

Wulkano KAP <3.6.0 - Code Injection

CVE-2025-54466 CRITICAL

Apache OFBiz < 24.09.02 - Unauthenticated Remote Code Execution via Scrum Plugin

CVE-2025-8905 MEDIUM

Inpersttion For Theme <= 1.0 - Authenticated Remote Code Execution via theme_section_shortcode Function

CVE-2025-9017 MEDIUM

PHPGurukul Zoo Management System 2.1 - Cross-Site Scripting via visitorname Parameter

CVE-2025-9003 LOW

Dlink Dir-818lw Firmware - Code Injection

CVE-2025-8976 LOW

Vvveb < 1.0.6 - Cross-Site Scripting via /vadmin123/index.php Endpoint

CVE-2025-8975 LOW

Vvveb < 1.0.6 - Cross-Site Scripting via slug Parameter in admin/template/content/edit.tpl

CVE-2025-55192 HIGH

HomeAssistant-Tapo-Control <2a3b80f - Code Injection

CVE-2025-49887 CRITICAL

WPFactory Product XML Feed Manager <2.9.3 - Code Injection

CVE-2025-39483 MEDIUM

imithemes Eventer <3.9.9.1 - Code Injection

CVE-2025-55346 CRITICAL

flowise - Remote Code Execution via Dynamic Function Constructor

CVE-2025-8934 MEDIUM

1000 Projects Sales Management System 1.0 - Cross-Site Scripting via select2112 Parameter

CVE-2025-8933 MEDIUM

1000 Projects Sales Management System 1.0 - Cross-Site Scripting via ssalescat Parameter

CVE-2025-8920 LOW

Portabilis i-Diario 1.6 - Stored Cross-Site Scripting via Planos de ensino Parameter

Previous Page 56 of 260 Next

Details

Vulnerabilities 6,492

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy