Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94

CVE-2025-8919 LOW

Portabilis i-Diario < 1.6 - Cross-Site Scripting via History Page cdigo/objetivo habilidade Argument

CVE-2025-23306 HIGH

NVIDIA Megatron-LM < 0.12.2 - Code Injection in megatron/training/arguments.py

CVE-2025-23305 HIGH

NVIDIA Megatron-LM < 0.12.2 - Code Injection in Tools Component

CVE-2025-23304 HIGH

NVIDIA NeMo < 2.3.2 - Remote Code Execution via Malicious .nemo File Metadata

CVE-2025-23298 HIGH

NVIDIA Merlin Transformers4Rec - Code Injection

CVE-2025-23296 HIGH

NVIDIA Isaac-GR00T - Code Injection

CVE-2025-23295 HIGH

NVIDIA Apex < 25.07 - Code Injection via Malicious File

CVE-2025-52385 CRITICAL

Studio 3T < 2025.1.0 - Remote Code Execution via Child Process Payload

CVE-2025-8918 LOW

Portabilis i-educar < 2.10.0 - Stored Cross-Site Scripting via neighborhood name Parameter

CVE-2025-42957 CRITICAL

SAP S/4HANA - Authenticated ABAP Code Injection via RFC Function Module

CVE-2025-42950 CRITICAL

SAP Landscape Transformation (Analysis Platform) - Authenticated ABAP Code Injection via RFC Function Module

CVE-2025-42945 MEDIUM

SAP NetWeaver Application Server ABAP - XSS

CVE-2025-54063 HIGH

Cherry Studio 1.4.8-1.5.0 - Remote Code Execution via Custom URL Handler

CVE-2025-8847 LOW

RuoYi < 4.8.1 - Cross-Site Scripting via Notice Title/Content in System Notice Edit

CVE-2025-8834 LOW

JCG Link-net LW-N915R 17s.20.001.908 - XSS

CVE-2025-8812 LOW

pybbs < 6.0.0 - Cross-Site Scripting in Admin Panel Settings Endpoint

CVE-2025-8788 LOW

Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Contedos/Objetivos Parameters

CVE-2025-8787 LOW

Portabilis i-Diario <= 1.5.0 - Stored Cross-Site Scripting in Registro das atividades

CVE-2025-8786 LOW

Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Registro de atividades/Contedos Parameter

CVE-2025-8785 LOW

Portabilis i-educar < 2.9.0 - Cross-Site Scripting via nm_pessoa/matricula/matricula_interna Parameters

CVE-2025-8784 LOW

Portabilis i-educar < 2.9.0 - Stored Cross-Site Scripting via funcionario_vinculo_cad.php nome Parameter

CVE-2025-8765 LOW

Datacom DM955 5GT 1200 825.8010.00 - XSS

CVE-2025-8751 LOW

Total WebShield < 3.2.0 - Cross-Site Scripting via Block Page Category Argument

CVE-2025-8750 LOW

macrozheng mall < 1.0.3 - Cross-Site Scripting via Add Product Page File Upload

CVE-2025-54997 CRITICAL

OpenBao < 2.3.2 - Authenticated Remote Code Execution via Audit Subsystem Log Prefix Manipulation

Previous Page 57 of 260 Next

Details

Vulnerabilities 6,492

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy