Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,184 vulnerabilities with CWE-94

CVE-2026-5826 MEDIUM

code-projects Simple IT Discussion Forum edit-category.php cross site scripting

CVE-2026-5825 MEDIUM

code-projects Simple Laundry System delmemberinfo.php cross site scripting

CVE-2026-1516 MEDIUM

Improper Control of Generation of Code ('Code Injection') in GitLab

CVE-2026-5810 LOW

SourceCodester Sales and Inventory System GET Parameter delete.php cross site scripting

CVE-2026-5808 MEDIUM

openstatusHQ openstatus Onboarding Endpoint client.tsx cross site scripting

CVE-2026-5806 LOW

code-projects Easy Blog Site update.php cross site scripting

CVE-2026-39891 HIGH

PraisonAI has a Template Injection in Agent Tool Definitions

CVE-2026-39881 MEDIUM

Vim Ex command injection in Vims NetBeans integration

CVE-2026-34724 HIGH

Zammad has a server-side template injection leading to RCE via AI Agent

CVE-2026-31040 CRITICAL

stata-mcp <1.13.0 - Command Injection

CVE-2026-25776 CRITICAL

Movable Type <=9.1.0 - Code Injection

CVE-2026-39846 CRITICAL

SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

CVE-2026-5739 HIGH

PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection

CVE-2026-39337 CRITICAL

ChurchCRM Affected by Unauthenticated RCE in Install Wizard

CVE-2026-30460 HIGH

FuelCMS 1.5.2 - Authenticated RCE

CVE-2026-34197 HIGH KEV

Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

CVE-2026-5705 MEDIUM

code-projects Online Hotel Booking Booking Endpoint booknow.php cross site scripting

CVE-2026-35197 MEDIUM

Code injection in dye template expressions

CVE-2026-35178 CRITICAL

Workbench Affected by Remote Code Execution (RCE) via Malicious Cookie in Timezone Conversion

CVE-2026-5671 MEDIUM

Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting

CVE-2026-35171 CRITICAL

Arbitrary Code Execution via Malicious Logging Configuration in Kedro

CVE-2026-5668 LOW

Cyber-III Student-Management-System add%20notice.php cross site scripting

CVE-2026-26026 CRITICAL

GLPI has a Server-Side Template Injection via Double-Compilation

CVE-2026-5647 LOW

code-projects Online Shoe Store Add Product admin_feature.php cross site scripting

CVE-2026-5644 LOW

Cyber-III Student-Management-System batch-notice.php cross site scripting

Previous Page 6 of 248 Next

Details

Vulnerabilities 6,184

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy