Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94

CVE-2025-5120 CRITICAL

huggingface/smolagents < 1.17.0 - Remote Code Execution via local_python_executor.py Sandbox Escape

CVE-2025-8222 LOW

jerryshensjf JPACookieShop - Stored Cross-Site Scripting in GoodsController.java

CVE-2025-8221 MEDIUM

jerryshensjf JPACookieShop - Cross-Site Scripting via GoodsCustController.java goodsSearch Function

CVE-2025-8211 LOW

Roothub < 2.6.0 - Cross-Site Scripting in SystemConfigAdminController Edit Function

CVE-2025-8206 LOW

Comodo Dragon < 134.0.6998.179 - Cross-Site Scripting in IP DNS Leakage Detector

CVE-2025-8191 LOW

macrozheng mall < 1.0.3 - Cross-Site Scripting via Swagger UI configUrl Parameter

CVE-2025-8167 LOW

Church Donation System 1.0 - Cross-Site Scripting via fname Parameter in Edit Members

CVE-2025-29631 CRITICAL

Gardyn Home Kit Firmware < master.619 - OS Command Injection

CVE-2025-29629 CRITICAL

Gardyn Home Kit Firmware < master.619 - Use of Default Credentials

CVE-2025-34114 HIGH

OpenBlow - Client-Side Security Misconfiguration via Missing Critical HTTP Response Headers

CVE-2025-8155 LOW

D-Link DCS-6010L 1.15.03 - Cross-Site Scripting via paratest Parameter in Management Application

CVE-2025-8115 LOW

PHPGurukul Taxi Stand Management System 1.0 - Cross-Site Scripting via Registration Number or License Number Parameter

CVE-2025-54451 CRITICAL

Samsung MagicINFO 9 Server < 21.1080.0 - Code Injection

CVE-2025-42947 MEDIUM

SAP FICA ODN framework - Authenticated Code Injection via Local Variable Manipulation

CVE-2025-8030 HIGH

Firefox and Thunderbird < 141.0 - Remote Code Execution via Copy as cURL Feature

CVE-2025-51482 HIGH

letta 0.7.12 - Remote Code Execution via /v1/tools/run Endpoint

CVE-2025-6213 HIGH

Nginx Cache Purge Preload <2.1.1 - Authenticated RCE

CVE-2025-7951 LOW

code-projects Public Chat Room 1.0 - XSS

CVE-2025-7946 MEDIUM

PHPGurukul Apartment Visitors Management System 1.0 - XSS

CVE-2025-7944 MEDIUM

PHPGurukul Taxi Stand Management System 1.0 - XSS

CVE-2025-7943 MEDIUM

PHPGurukul Taxi Stand Management System 1.0 - XSS

CVE-2025-7942 LOW

PHPGurukul Taxi Stand Management System 1.0 - XSS

CVE-2025-7941 LOW

PHPGurukul Time Table Generator System 1.0 - XSS

CVE-2025-7926 LOW

PHPGurukul Online Banquet Booking System 1.0 - XSS

CVE-2025-7925 MEDIUM

PHPGurukul Online Banquet Booking System 1.0 - XSS

Previous Page 60 of 260 Next

Details

Vulnerabilities 6,492

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy