Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,494 vulnerabilities with CWE-94

CVE-2025-4469 LOW

Online Student Clearance System 1.0 - Cross-Site Scripting via Admin Add Form Parameters

CVE-2025-4461 LOW

TOTOLINK N150RT 3.4.0-B20190525 - Cross-Site Scripting in Virtual Server Page

CVE-2025-4460 LOW

TOTOLINK N150RT 3.4.0-B20190525 - Cross-Site Scripting in URL Filtering Page

CVE-2025-26845 CRITICAL

Znuny 6.0.31-6.0.47 and 7.0.1-7.1.3 - Authenticated Eval Injection via Configuration File

CVE-2025-4208 MEDIUM

NEX-Forms < 8.9.1 - Authenticated Limited Code Execution via get_table_records Function

CVE-2025-47691 MEDIUM

Ultimate Member <2.10.3 - Code Injection

CVE-2025-47481 MEDIUM

GS Testimonial Slider <3.2.9 - Code Injection

CVE-2025-4326 LOW

MRCMS 3.1.2 - Cross-Site Scripting in Add Fragment Page

CVE-2025-4325 LOW

MRCMS 3.1.2 - Cross-Site Scripting via Category Management Page Name Parameter

CVE-2025-4324 LOW

MRCMS 3.1.2 - Cross-Site Scripting in External Link Management Page

CVE-2025-4323 LOW

MRCMS 3.1.2 - Stored Cross-Site Scripting via Edit Article Page Title Parameter

CVE-2025-2802 HIGH

LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2025-4293 LOW

MRCMS 3.1.3 - Cross-Site Scripting in Group Edit Page

CVE-2025-4292 LOW

MRCMS 3.1.3 - Cross-Site Scripting via Username Parameter in Edit User Page

CVE-2025-44071 CRITICAL

SeaCMS v13.3 - Remote Code Execution via phomebak.php

CVE-2025-43845 CRITICAL

retrieval-based-voice-conversion-webui < 2.2.231006 - Remote Code Execution via ckpt_path2 Parameter

CVE-2025-24977 CRITICAL

OpenCTI <6.4.11 - Command Injection

CVE-2025-4261 MEDIUM

GAIR-NLP factool <3f3914bc090b644be044b7e0005113c135d8b20f - Code I...

CVE-2025-4257 LOW

SeaCMS 13.2 - Cross-Site Scripting via admin_pay.php cstatus Parameter

CVE-2025-4256 LOW

SeaCMS 13.2 - Cross-Site Scripting via admin_paylog.php cstatus Parameter

CVE-2025-4218 MEDIUM

Handrew BrowserPilot <0.2.51 - Code Injection

CVE-2025-2421 CRITICAL

Profelis Informatics SambaBox <5.1 - Code Injection

CVE-2025-46569 HIGH

Open Policy Agent < 1.4.0 - Rego Injection via HTTP Data API Path

CVE-2025-4075 MEDIUM

VMSMan < 20250416 - Cross-Site Scripting via Email Parameter in Login Page

CVE-2025-45947 CRITICAL

phpgurukul Online Banquet Booking System V1.2 - Remote Code Execution via Change Password Component

Previous Page 71 of 260 Next

Details

Vulnerabilities 6,494

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy