Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94

CVE-2025-50123 HIGH

EcoStruxure IT Data Center Expert >=8.3 - Remote Code Execution via Hostname Input

CVE-2025-5392 CRITICAL

GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution via gbfdb_talk_to_front()

CVE-2025-7435 LOW

LiveHelperChat lhc-php-resque Extension - Cross-Site Scripting

CVE-2025-53626 MEDIUM

pdfme 5.2.0-5.4.0 - Prototype Pollution and Cross-Site Scripting via Expression Evaluation

CVE-2025-7408 LOW

SourceCodester Zoo Management System 1.0 - XSS

CVE-2025-34077 CRITICAL

WordPress Pie Register <3.7.1.4 - Auth Bypass

CVE-2025-53547 HIGH

Helm <3.18.4 - Local Code Execution

CVE-2025-49704 HIGH KEV

Microsoft SharePoint Server - Remote Code Execution

CVE-2025-47988 HIGH

Azure Monitor Agent < 1.35.1 - Unauthenticated Remote Code Execution

CVE-2025-7182 MEDIUM

Student Transcript Processing System 1.0 - Cross-Site Scripting via edit.php pre Parameter

CVE-2025-6744 HIGH

Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution via woodmart_get_products_shortcode()

CVE-2025-42967 CRITICAL

SAP S/4HANA and SCM Characteristic Propagation - User-Level Report Code Execution

CVE-2025-7153 LOW

CodeAstro Simple Hospital Management System 1.0 - Stored Cross-Site Scripting via Doctor Profile POST Parameters

CVE-2025-7148 LOW

CodeAstro Simple Hospital Management System 1.0 - Stored Cross-Site Scripting via Patient POST Parameter

CVE-2025-7144 LOW

Best Salon Management System 1.0 - Cross-Site Scripting via Admin Name Parameter in Admin Profile Page

CVE-2025-7143 LOW

Best Salon Management System 1.0 - Cross-Site Scripting via Tax Name Parameter in Update Tax Page

CVE-2025-7142 LOW

Best Salon Management System 1.0 - Cross-Site Scripting in Search Appointment Panel

CVE-2025-7141 LOW

Best Salon Management System 1.0 - Cross-Site Scripting in Update Staff Page

CVE-2025-7140 LOW

Best Salon Management System 1.0 - Cross-Site Scripting via Staff Name Parameter in Update Staff Page

CVE-2025-7139 LOW

Best Salon Management System 1.0 - Cross-Site Scripting via Update Customer Details Page Name Parameter

CVE-2025-36014 HIGH

IBM Integration Bus for z/OS 10.1.0.0-10.1.0.5 - Code Injection via IIB Install Directory

CVE-2025-45479 CRITICAL

educoder challenges 1.0 - Remote Code Execution via Container Injection

CVE-2025-7113 LOW

Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Curricular Components Module Nome Parameter

CVE-2025-7112 LOW

Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Function Management Module

CVE-2025-7111 LOW

Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Curso Parameter in Course Module

Previous Page 63 of 260 Next

Details

Vulnerabilities 6,492

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy