CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,494 vulnerabilities with CWE-94
CVE-2025-23251 HIGH
NVIDIA NeMo < 25.02 - Remote Code Execution
CVSS 7.6
CVE-2025-3472 MEDIUM
Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode
CVSS 6.5
CVE-2025-3842 MEDIUM
panhainan DS-Java 1.0 - Remote Code Execution via File Upload Parameter
CVSS 6.3
CVE-2025-3841 LOW
wix-incubator jam <e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9 - Impro...
CVSS 3.3
CVE-2025-3826 LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via txtsupplier_name/txtaddress Parameter
CVSS 2.4
CVE-2025-3825 LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via txtcategory_name Parameter
CVSS 2.4
CVE-2025-3824 LOW
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via txtprice/txtproduct_name Parameters
CVSS 2.4
CVE-2025-3823 LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via add-stock.php Parameters
CVSS 2.4
CVE-2025-3822 LOW
SourceCodester Web-based Pharmacy Product Management System 1.0 - XSS via changepassword.php
CVSS 2.4
CVE-2025-3821 LOW
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via add-admin.php Input Fields
CVSS 2.4
CVE-2025-3806 LOW
dazhouda lecms <= 3.0.3 - Cross-Site Scripting in Edit Profile Handler
CVSS 2.4
CVE-2025-3801 LOW
songquanpeng one-api <= 0.6.10 - Cross-Site Scripting via Homepage Content/About System/Footer
CVSS 2.4
CVE-2025-29058 CRITICAL
Qimou CMS 3.34.0 - Remote Code Execution via Upgrade Component
CVSS 9.8
CVE-2025-3795 LOW
DaiCuo 1.3.13 - Cross-Site Scripting in SEO Optimization Settings Section
CVSS 2.4
CVE-2025-3789 LOW
JSite 1.0 - Cross-Site Scripting via Name Parameter in /a/sys/area/save
CVSS 3.5
CVE-2025-3788 LOW
JSite 1.0 - Cross-Site Scripting via Name Parameter in /a/sys/user/save
CVSS 3.5
CVE-2025-3509 HIGH
GitHub Enterprise Server < 3.13.16 - Authenticated Remote Code Execution via Pre-Receive Hook Port Allocation
CVSS 7.2
CVE-2025-29662 CRITICAL
LandChat 3.25.12.18 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2025-29661 HIGH
Litepubl CMS <= 7.0.9 - Remote Code Execution via Admin Service Run
CVSS 7.2
CVE-2025-29039 HIGH
D-Link DIR-823x Firmware - Remote Code Execution via Function 0x41dda8
CVSS 7.2
CVE-2025-32596 HIGH
Rameez Iqbal Real Estate Manager <7.3 - Code Injection
CVSS 7.3
CVE-2025-32583 CRITICAL
termel PDF 2 Post <2.4.0 - Code Injection
CVSS 9.9
CVE-2025-1532 HIGH
honor phoneservice < 11.0.0.276 - Code Injection
CVSS 8.1
CVE-2025-3692 LOW
SourceCodester Online Eyewear Shop 1.0 - Cross-Site Scripting in Master.php save_product
CVSS 2.4
CVE-2025-3688 LOW
Seven Bears Library CMS 2023 - Cross-Site Scripting in Background Management Page
CVSS 2.4