Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,501 vulnerabilities with CWE-94

CVE-2025-29306 CRITICAL

FoxCMS v.1.2.5 - Remote Code Execution

CVE-2025-30067 HIGH

Apache Kylin <5.0.1 - Code Injection

CVE-2025-2867 MEDIUM

GitLab 17.8.0-17.8.5, 17.9.0-17.9.2, 17.10.0 - Unauthorized Sensitive Data Exposure via AI-Assisted Development Feature

CVE-2025-2787 HIGH

KNIME Business Hub 1.10.0-1.10.3 - Authenticated Remote Code Execution via Ingress-nginx Component

CVE-2025-26003 CRITICAL

Telesquare TLR-2005KSH 1.1.4 - Unauthenticated Remote Code Execution via admin.cgi setAutorest Parameter

CVE-2025-28893 CRITICAL

Visual Text Editor <1.2.1 - Code Injection

CVE-2025-2715 LOW

timschofield webERP <5.0.0.rc+13 - XSS

CVE-2025-2714 MEDIUM

JoomlaUX JUX Real Estate 3.4.0 - Cross-Site Scripting via Plan ID Parameter

CVE-2025-2712 MEDIUM

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

CVE-2025-2711 MEDIUM

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

CVE-2025-2710 MEDIUM

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

CVE-2025-2709 MEDIUM

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

CVE-2025-2700 LOW

dante3 0.4.0-0.4.4 - Cross-Site Scripting in Insert Link Handler

CVE-2025-2699 LOW

GetmeUK ContentTools < 1.6.16 - Cross-Site Scripting via Image Handler onload Argument

CVE-2025-2673 LOW

code-projects Payroll Management System 1.0 - XSS

CVE-2025-29806 MEDIUM

Microsoft Edge Chromium < 129.0.2792.52 - Remote Code Execution via Type Confusion

CVE-2025-2650 LOW

PHPGurukul Medical Card Generation System 1.0 - XSS

CVE-2025-2645 LOW

PHPGurukul Art Gallery Management System 1.0 - XSS

CVE-2025-2623 LOW

westboy CicadasCMS 1.0 - Cross-Site Scripting via Title/Content/Laiyuan Argument

CVE-2025-2617 LOW

crud 1.0.0 - Cross-Site Scripting in Department Page

CVE-2025-2616 LOW

crud 1.0.0 - Cross-Site Scripting in Role Management Page

CVE-2025-2303 HIGH

Block Logic - Full Gutenberg Block Display Control <1.0.9 - RCE

CVE-2025-2590 LOW

code-projects Human Resource Management System 1.0.1 - Cross-Site Scripting in UpdateRecruitmentById Function

CVE-2025-2583 LOW

SimpleMachines SMF 2.1.4 - Cross-Site Scripting in ManageNews.php

CVE-2025-2582 LOW

SimpleMachines SMF 2.1.4 - Cross-Site Scripting in ManageAttachments.php

Previous Page 77 of 261 Next

Details

Vulnerabilities 6,501

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy