CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94
CVE-2025-5513 LOW
shiyi-blog < 1.2.1 - Stored Cross-Site Scripting via Comment Content Parameter
CVSS 3.5
CVE-2025-32106 CRITICAL
Audiocodes Mediapack MP-11x < 6.60A.369.002 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2025-5508 LOW
TOTOLINK A3002RU 2.1.1-B20230720.1011 - XSS
CVSS 2.4
CVE-2025-5507 LOW
TOTOLINK A3002RU 2.1.1-B20230720.1011 - XSS
CVSS 2.4
CVE-2025-25021 HIGH
IBM QRadar Suite Software <1.11.2.0 - Code Injection
CVSS 7.2
CVE-2025-5506 LOW
TOTOLINK A3002RU 2.1.1-B20230720.1011 - XSS
CVSS 2.4
CVE-2025-5505 LOW
TOTOLINK A3002RU 2.1.1-B20230720.1011 - XSS
CVSS 2.4
CVE-2025-5420 LOW
juzaweb CMS <= 3.4.2 - Cross-Site Scripting via File Manager Upload
CVSS 3.5
CVE-2025-5412 LOW
Mist Community Edition < 4.7.2 - Cross-Site Scripting via Login Return_To Parameter
CVSS 3.5
CVE-2025-5411 LOW
Mist Community Edition < 4.7.2 - Cross-Site Scripting via Tag Argument in tag_resources Function
CVSS 3.5
CVE-2025-5407 LOW
chaitak-gorai Blogbook - Stored Cross-Site Scripting via Fullname Parameter
CVSS 2.4
CVE-2025-5405 LOW
chaitak-gorai Blogbook < 2021-11-22 - Stored Cross-Site Scripting via Comment Functionality
CVSS 3.5
CVE-2025-5383 LOW
Yifang CMS < 2.0.2 - Cross-Site Scripting in Article Management Module
CVSS 2.4
CVE-2025-5378 MEDIUM
Astun Technology iShare Maps 5.4.0 - Cross-Site Scripting via atTxtStreet Parameter
CVSS 4.3
CVE-2025-5377 MEDIUM
Astun Technology iShare Maps 5.4.0 - Cross-Site Scripting via historic1.asp Zoom Parameter
CVSS 4.3
CVE-2025-48390 HIGH
FreeScout <1.8.178 - Code Injection
CVSS 7.2
CVE-2025-32801 HIGH
ISC Kea 2.4.0-2.4.1, 2.6.0-2.6.2, 2.7.0-2.7.8 - Unauthenticated Code Injection via Hook Library Loading
CVSS 7.8
CVE-2025-5181 LOW
Summer Pearl Group Vacation Rental Management Platform < 1.0.2 - Cross-Site Scripting via spgLsTitle Parameter
CVSS 3.5
CVE-2025-5179 LOW
Realce Tecnologia Queue Ticket Kiosk < 2025-05-17 - Cross-Site Scripting via Name/Usuário Argument
CVSS 2.4
CVE-2025-5177 MEDIUM
Realce Tecnologia Queue Ticket Kiosk < 2025-05-17 - Cross-Site Scripting via Admin Login Page Usuário Parameter
CVSS 4.3
CVE-2025-5153 LOW
CMS Made Simple 2.2.21 - Cross-Site Scripting in Design Manager Module
CVSS 3.5
CVE-2025-5151 MEDIUM
defog introspect < 0.1.4 - Code Injection in execute_analysis_code_safely
CVSS 5.3
CVE-2025-5150 MEDIUM
docarray < 0.40.1 - Prototype Pollution via __getitem__ Function
CVSS 6.3
CVE-2025-5138 LOW
Bitwarden < 2.25.1 - Cross-Site Scripting in PDF File Handler
CVSS 3.5
CVE-2025-5137 MEDIUM
DedeCMS 5.7.117 - Remote Code Injection via sys_verifies.php refiles Parameter
CVSS 4.7