Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94

CVE-2025-6131 LOW

CodeAstro Food Ordering System 1.0 - Stored Cross-Site Scripting via Restaurant Name/Address Parameter

CVE-2025-5309 CRITICAL

BeyondTrust Privileged Remote Access & Remote Support 24.2.2-24.2.4 - RCE via Chat

CVE-2025-6127 LOW

PHPGurukul Nipah Virus Testing Management System 1.0 - Cross-Site Scripting via Search Report Parameter

CVE-2025-6126 MEDIUM

PHPGurukul Rail Pass Management System 1.0 - Cross-Site Scripting via Contact Form Name Parameter

CVE-2025-6125 LOW

PHPGurukul Rail Pass Management System 1.0 - Cross-Site Scripting via pagedes Argument

CVE-2025-6101 MEDIUM

Letta-ai <0.4.1 - Improper Neutralization

CVE-2025-6092 MEDIUM

comfyanonymous comfyui <0.3.39 - XSS

CVE-2025-49581 HIGH

XWiki Wiki Macro Parameters - Programming Rights Code Execution

CVE-2025-28386 CRITICAL

OpenC3 COSMOS 6.0.0 - Remote Code Execution via Plugin Management .txt File Upload

CVE-2025-29902 CRITICAL

RTS VLink and Telex RDC Server - Remote Code Execution

CVE-2025-30085 CRITICAL

Joomla RSForm!Pro 3.0.0-3.3.14 - Admin Export Code Execution

CVE-2025-5984 LOW

Online Student Clearance System 1.0 - Cross-Site Scripting via txtamt Parameter

CVE-2025-5976 LOW

PHPGurukul Rail Pass Management System 1.0 - Cross-Site Scripting via fullname Parameter

CVE-2025-5975 MEDIUM

PHPGurukul Rail Pass Management System 1.0 - Cross-Site Scripting via searchdata Parameter

CVE-2025-5974 LOW

PHPGurukul Restaurant Table Booking System 1.0 - Cross-Site Scripting via /check-status.php searchdata Parameter

CVE-2025-5973 LOW

PHPGurukul Restaurant Table Booking System 1.0 - Cross-Site Scripting via tableno Parameter

CVE-2025-5972 LOW

PHPGurukul Restaurant Table Booking System 1.0 - Cross-Site Scripting via fullname Parameter

CVE-2025-5970 LOW

PHPGurukul Restaurant Table Booking System 1.0 - Cross-Site Scripting via fullname Parameter

CVE-2025-5887 LOW

jsnjfz WebStack-Guns 1.0 - Cross-Site Scripting via File Upload Argument

CVE-2025-5886 LOW

emlog < 2.5.7 - Cross-Site Scripting via active_post Argument in /admin/article.php

CVE-2025-48140 CRITICAL

MetalpriceAPI <1.1.4 - Code Injection

CVE-2025-48123 CRITICAL

Holest Engineering Spreadsheet Price Changer <2.4.37 - Code Injection

CVE-2025-5884 LOW

Konica Minolta bizhub < 2025-02-02 - Cross-Site Scripting via Model Name Argument

CVE-2025-5879 LOW

WukongCRM 9.0 - Cross-Site Scripting via File Upload in AdminSysConfigController.java

CVE-2025-49013 CRITICAL

WilderForge - Remote Code Execution via GitHub Actions Workflow Injection

Previous Page 66 of 260 Next

Details

Vulnerabilities 6,492

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy