CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94
CVE-2025-8521 LOW
Vvveb < 1.0.6 - Cross-Site Scripting in Add Type Handler
CVSS 2.4
CVE-2025-8518 MEDIUM
Vvveb 1.0.5 - Remote Code Execution in Code Editor Save Function
CVSS 4.7
CVE-2025-6204 HIGH KEV
DELMIA Apriso <2025 - Code Injection
CVSS 8.0
CVE-2025-8511 LOW
Portabilis i-Diario 1.5.0 - Stored Cross-Site Scripting in Observações Descrição Parameter
CVSS 3.5
CVE-2025-8510 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via ref_cod_aluno Parameter
CVSS 3.5
CVE-2025-8509 LOW
Portabilis i-Educar 2.9 - Stored Cross-Site Scripting via educar_servidor_cad.php matricula Parameter
CVSS 3.5
CVE-2025-8508 LOW
Portabilis i-Educar 2.9 - Stored Cross-Site Scripting via titulo_avaliacao and descricao Parameters
CVSS 3.5
CVE-2025-8507 LOW
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_funcao_lst.php nm_funcao/abreviatura Parameter
CVSS 3.5
CVE-2025-8506 LOW
wx-shop <de1b66331368695779cfc6e4d11a64caddf8716e - XSS
CVSS 3.5
CVE-2025-8501 LOW
Human Resource Integrated System 1.0 - Cross-Site Scripting via action.php content Parameter
CVSS 3.5
CVE-2025-6000 CRITICAL
HashiCorp Vault 0.8.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - Authenticated RCE via Plugin Directory
CVSS 9.1
CVE-2025-54593 HIGH
FreshRSS < 1.26.2 - Authenticated Remote Code Execution via Update URL Manipulation
CVSS 7.2
CVE-2025-8380 LOW
Campcodes Online Hotel Reservation System 1.0 - Cross-Site Scripting via Name Parameter in add_query_account.php
CVSS 3.5
CVE-2025-8370 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_escolaridade_lst.php descricao Parameter
CVSS 4.3
CVE-2025-8369 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via titulo_avaliacao Parameter
CVSS 4.3
CVE-2025-8368 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via campo_busca/cpf Parameters
CVSS 4.3
CVE-2025-8367 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via nome Parameter in funcionario_vinculo_lst.php
CVSS 4.3
CVE-2025-8366 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_servidor_lst.php nome/matricula_servidor Parameters
CVSS 4.3
CVE-2025-8365 LOW
Portabilis i-Educar 2.10 - Stored Cross-Site Scripting via atendidos_cad.php nome/nome_social/email Parameters
CVSS 3.5
CVE-2025-8346 MEDIUM
Portabilis i-Educar 2.10 - Cross-Site Scripting via ref_cod_matricula Parameter
CVSS 4.3
CVE-2025-8340 MEDIUM
Intern Membership Management System 1.0 - Cross-Site Scripting via Email Parameter in Error Message Handler
CVSS 4.3
CVE-2025-8337 LOW
Simple Car Rental System 1.0 - Cross-Site Scripting via car_name Parameter
CVSS 2.4
CVE-2025-7361 HIGH
NI LabVIEW < 2025 Q1 - Remote Code Execution via CIN Node
CVSS 7.8
CVE-2025-46059 CRITICAL
langchain-ai v0.3.51 - Code Injection
CVSS 9.8
CVE-2025-4056 HIGH
GLib < 2.84.1 - Denial of Service via Long Command Line Spawning
CVSS 7.5
Details
Vulnerabilities 6,492
Exploit Likelihood Medium