Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,501 vulnerabilities with CWE-94

CVE-2025-28146 CRITICAL

Edimax BR-6478AC V3 Firmware 1.0.15 - OS Command Injection via fota_url Parameter

CVE-2025-3219 LOW

Perfex CRM 3.2.1 - Stored Cross-Site Scripting in Project Discussions Module

CVE-2025-29064 CRITICAL

TOTOLINK X18 v.9.1.0cu.2024_B20220329 - Remote Code Execution via cstecgi.cgi sub_410E54 Function

CVE-2025-26818 CRITICAL

Netwrix Password Secure <= 9.2 - OS Command Injection

CVE-2025-3164 MEDIUM

Tencent Music Entertainment SuperSonic <= 0.9.8 - Remote Code Execution via H2 Database Connection Handler

CVE-2025-3163 MEDIUM

InternLM LMDeploy <= 0.7.1 - Code Injection in Open Function

CVE-2025-3157 LOW

Intelbras WRN 150 1.0.15_pt_ITB01 - XSS

CVE-2025-2945 CRITICAL

pgAdmin Query Tool authenticated RCE (CVE-2025-2945)

CVE-2025-3152 LOW

caipeichao ThinkOX 1.0 - Cross-Site Scripting via Search Keywords Parameter

CVE-2025-3149 LOW

itning Student Homework Management System <= 1.2.7 - Cross-Site Scripting via Edit Job Page Course Parameter

CVE-2025-31722 HIGH

Jenkins Templating Engine Plugin <2.5.3 - RCE

CVE-2025-30580 CRITICAL

DigiWidgets Image Editor <1.10 - Code Injection

CVE-2025-30911 CRITICAL

Rometheme RomethemeKit For Elementor <1.5.4 - Code Injection

CVE-2025-24243 HIGH

Apple iPadOS < 17.7.6 - Remote Code Execution via Maliciously Crafted File

CVE-2025-3036 LOW

yzk2356911358 StudentServlet-JSP - Cross-Site Scripting via Name Argument

CVE-2025-3005 LOW

ForestBlog < 2025-03-21 - Cross-Site Scripting in Friend Link Handler

CVE-2025-3004 LOW

ForestBlog < 2025-03-21 - Cross-Site Scripting via Search Keywords Parameter

CVE-2025-2981 LOW

Legrand SMS PowerView 1.x - Cross-Site Scripting via Redirect Parameter

CVE-2025-2979 LOW

WCMS 11 - Stored Cross-Site Scripting via Username Parameter in Registration

CVE-2025-2977 LOW

GFI KerioConnect 10.0.6 - Cross-Site Scripting in PDF File Handler

CVE-2025-2976 LOW

GFI KerioConnect 10.0.6 - Stored Cross-Site Scripting via File Upload

CVE-2025-2975 LOW

GFI KerioConnect 10.0.6 - Stored Cross-Site Scripting in Signature Handler

CVE-2025-2974 LOW

Perfex CRM < 3.2.1 - Stored Cross-Site Scripting in Contracts Module

CVE-2025-2803 HIGH

So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2025-2878 LOW

Kentico CMS < 13.0.178 - Cross-Site Scripting via New Database Parameter in Install Wizard

Previous Page 76 of 261 Next

Details

Vulnerabilities 6,501

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy