CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94
CVE-2025-7800 LOW
cgpandey hotelmis < c572198e6c4780fccc63b1d3e8f3f72f825fc94e - XSS
CVSS 3.5
CVE-2025-7791 LOW
PHPGurukul Online Security Guards Hiring System 1.0 - XSS
CVSS 3.5
CVE-2025-46000 MEDIUM
simogeo Filemanager < 2.5.0 - Arbitrary File Upload and Remote Code Execution via SVG File
CVSS 6.5
CVE-2025-7786 LOW
Gnuboard g6 < 6.0.10 - Cross-Site Scripting in Post Reply Handler
CVSS 3.5
CVE-2025-7767 LOW
PHPGurukul Art Gallery Management System 1.1 - XSS
CVSS 3.5
CVE-2025-3753 HIGH
ROS rosbag filter - Arbitrary Python Code Execution
CVSS 7.8
CVE-2025-54068 CRITICAL KEV
Livewire 3.0.0-3.6.3 - Unauthenticated Remote Code Execution via Component Property Hydration
CVSS 9.8
CVE-2025-7748 LOW
ZCMS 3.6.0 - Cross-Site Scripting via Create Article Page Title Argument
CVSS 3.5
CVE-2025-53867 CRITICAL
Island Lake WebBatch < 2025C - Remote Code Execution via Crafted URL
CVSS 9.8
CVE-2025-53928 MEDIUM
maxkb < 1.10.9 - Remote Code Execution via MCP Call
CVSS 4.6
CVE-2025-53927 MEDIUM
maxkb < 2.0.0 - Remote Code Execution via shutil.copy2 Directory Restriction Bypass
CVSS 4.6
CVE-2025-7729 LOW
Scada-LTS < 2.7.8.1 - Cross-Site Scripting via Username Parameter in usersProfiles.shtm
CVSS 3.5
CVE-2025-7728 LOW
Scada-LTS < 2.7.8.1 - Cross-Site Scripting via Username Parameter in users.shtm
CVSS 3.5
CVE-2025-5396 CRITICAL
Bears Backup < 2.0.0 - Unauthenticated Remote Code Execution via bbackup_ajax_handle()
CVSS 9.8
CVE-2025-34128 HIGH
X360 VideoPlayer <2.6 - Buffer Overflow
CVE-2025-34127 CRITICAL
Achat Chat Server 0.150 - Stack-based Buffer Overflow via UDP Port 9256
CVE-2025-34124 HIGH
Heroes of Might and Magic III - Buffer Overflow
CVE-2025-34123 HIGH
VideoCharge Studio 2.12.3.685 - Buffer Overflow
CVE-2025-37105 HIGH
HPE AutoPass License Server < 9.18 - Remote Code Execution via HSQLDB
CVSS 7.5
CVE-2025-53890 CRITICAL
pyLoad CAPTCHA Processing - Unsafe JavaScript Evaluation Code Execution
CVSS 9.8
CVE-2025-53836 CRITICAL
XWiki Rendering <13.10.11-14.4.7-14.10 - RCE
CVSS 9.9
CVE-2025-7601 LOW
PHPGurukul Online Library Management System 3.0 - XSS
CVSS 3.5
CVE-2025-7569 LOW
Bigotry OneBase <= 1.3.6 - Cross-Site Scripting via parse_args Function
CVSS 3.5
CVE-2025-7567 MEDIUM
ShopXO < 6.5.0 - Cross-Site Scripting via lang/system_type Parameter
CVSS 4.3
CVE-2025-7554 LOW
Sapido RB-1802 1.0.32 - Cross-Site Scripting in URL Filtering Page
CVSS 2.4