CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,492 vulnerabilities with CWE-94
CVE-2025-48119 MEDIUM
RS WP Book Showcase <6.7.41 - Code Injection
CVSS 5.3
CVE-2025-47562 MEDIUM
RomanCode MapSVG <8.5.34 - Code Injection
CVSS 5.3
CVE-2025-47916 CRITICAL
Invisioncommunity < 5.0.7 - Remote Code Execution
CVSS 10.0
CVE-2025-4767 MEDIUM
defog-ai introspect <= 0.1.4 - Code Injection via Test Endpoint Input Model
CVSS 5.3
CVE-2025-4745 LOW
Employee Record System 1.0 - Cross-Site Scripting via employeed_id/first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2025-4744 LOW
Employee Record System 1.0 - Cross-Site Scripting via employeed_id/first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2025-3053 HIGH
UiPress lite < 3.5.07 - Authenticated Remote Code Execution via uip_process_form_input()
CVSS 8.8
CVE-2025-32363 CRITICAL
mediDOK <2.5.18.43 - Code Injection
CVSS 9.8
CVE-2025-0134 MEDIUM
Palo Alto Networks Cortex XDR - Code Injection
CVE-2025-4428 HIGH KEV
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
CVSS 7.2
CVE-2025-45857 CRITICAL
EDIMAX CV7428NS v1.20 - Remote Code Execution via Command Parameter in mp Function
CVSS 9.8
CVE-2025-43010 HIGH
SAP S/4HANA Cloud Private Edition or on Premise - Command Injection
CVSS 8.3
CVE-2025-44022 CRITICAL
vvveb 1.0.6 - Remote Code Execution via Plugin Mechanism
CVSS 9.8
CVE-2025-47271 MEDIUM
OZI-Project/publish 1.13.2-1.13.5 - Remote Code Execution via Branch Name Injection
CVE-2025-4551 LOW
ContiNew Admin < 3.6.0 - Stored Cross-Site Scripting via /dev-api/common/file File Parameter
CVSS 3.5
CVE-2025-4547 LOW
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting in Add User Page
CVSS 2.4
CVE-2025-4531 MEDIUM
Seeyon Zhiyuan OA Web Application System 8.1 SP2 - Remote Code Injection via payrollId Argument
CVSS 6.3
CVE-2025-4512 MEDIUM
Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7 - XSS
CVSS 4.3
CVE-2025-4495 LOW
JAdmin 1.0 - Cross-Site Scripting via /memoAjax/save ID Parameter
CVSS 3.5
CVE-2025-46191 CRITICAL
Client Database Management System 1.0 - Unauthenticated RCE via user_payment_update.php
CVSS 9.8
CVE-2025-28203 HIGH
Victure RX1800 EN_V1.0.0_r12_110933 - OS Command Injection
CVSS 8.8
CVE-2025-1087 CRITICAL
Kong Insomnia Desktop Application <11.0.2 - Code Injection
CVE-2025-4470 LOW
Online Student Clearance System 1.0 - Cross-Site Scripting via Fullname Parameter
CVSS 2.4
CVE-2025-4469 LOW
Online Student Clearance System 1.0 - Cross-Site Scripting via Admin Add Form Parameters
CVSS 2.4
CVE-2025-4461 LOW
TOTOLINK N150RT 3.4.0-B20190525 - Cross-Site Scripting in Virtual Server Page
CVSS 2.4