Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94

CVE-2025-54417 HIGH

Craft CMS 4.13.8-4.16.2 and 5.5.8-5.8.3 - Remote Code Execution via /updater/restore-db Endpoint

CVE-2025-8743 LOW

scada-lts < 2.7.8.1 - Stored Cross-Site Scripting in Virtual Data Source Property Handler via Name Parameter

CVE-2025-8740 LOW

zhenfeng13 My-Blog <= 1.0.0 - Cross-Site Scripting via Category Name Parameter

CVE-2025-8356 CRITICAL

Xerox FreeFlow Core 8.0.4 - Path Traversal and Remote Code Execution

CVE-2025-54940 LOW

WordPress Advanced Custom Fields <6.4.3 - XSS

CVE-2025-50692 CRITICAL

FoxCMS < 1.2.6 - Remote Code Execution via Template File Edit

CVE-2025-54594 CRITICAL

react-native-bottom-tabs <0.9.2 - Code Injection

CVE-2025-50707 CRITICAL

ThinkPHP 3.2.5 index.php - Remote Code Execution

CVE-2025-50706 CRITICAL

thinkphp 5.1 - Remote Code Execution via Route Check Function

CVE-2025-8555 LOW

pybbs < 6.0.0 - Cross-Site Scripting via Search Keyword Parameter

CVE-2025-8554 LOW

pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin User List

CVE-2025-8553 LOW

pybbs < 6.0.0 - Cross-Site Scripting via Sensitive Word List Argument

CVE-2025-8552 LOW

pybbs < 6.0.0 - Cross-Site Scripting via /admin/tag/list Name Parameter

CVE-2025-8551 LOW

pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin Comment List

CVE-2025-8550 LOW

pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin Topic List

CVE-2025-8545 LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via nm_motivo Parameter

CVE-2025-8544 LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via /module/RegraAvaliacao/edit nome Parameter

CVE-2025-8543 LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via nm_raca Parameter in educar_raca_cad.php

CVE-2025-8542 LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via fantasia/razao_social Parameter

CVE-2025-8541 LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in public_uf_cad.php

CVE-2025-8540 LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in public_municipio_cad.php

CVE-2025-8539 LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in /intranet/public_distrito_cad.php

CVE-2025-8538 LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via User Type Name/Description Parameter

CVE-2025-8535 LOW

NanoVault < 1.2.1 - Cross-Site Scripting via xrb URL Handler

CVE-2025-51387 CRITICAL

GitKraken Desktop 10.8.0-11.1.0 - Code Injection

Previous Page 58 of 260 Next

Details

Vulnerabilities 6,492

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy