Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,501 vulnerabilities with CWE-94

CVE-2025-29807 HIGH

Microsoft Dataverse - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-0185 HIGH

Dify - Remote Code Execution via Pandas Query Injection in Vanna Module

CVE-2025-29401 CRITICAL

emlog pro 2.5.7 - Arbitrary File Upload and Remote Code Execution via Plugin.php

CVE-2025-2491 LOW

Dromara ujcms 9.7.5 - Stored Cross-Site Scripting in Edit Template File Page

CVE-2025-2490 LOW

Dromara ujcms 9.7.5 - Cross-Site Scripting via File Upload

CVE-2025-2377 LOW

SourceCodester Vehicle Management System 1.0 - Cross-Site Scripting via confirmbooking.php id Parameter

CVE-2025-2375 LOW

PHPGurukul Human Metapneumovirus Testing Management System 1.0 - XSS via Admin Profile Email

CVE-2025-2371 LOW

Human Metapneumovirus Testing Management System 1.0 - Cross-Site Scripting via regmobilenumber Parameter

CVE-2025-2366 LOW

gougucms 4.08.18 - Cross-Site Scripting via Add Department Page Title Parameter

CVE-2025-2364 LOW

lenve VBlog <= 1.0.0 - Stored Cross-Site Scripting via Article Service

CVE-2025-2361 MEDIUM

Mercurial SCM 4.5.3/71.19.145.211 - XSS

CVE-2025-2354 MEDIUM

VAM Virtual Airlines Manager <2.6.2 - XSS

CVE-2025-2352 LOW

StarSea99 starsea-mall - Cross-Site Scripting via categoryName Parameter

CVE-2025-2340 LOW

otale Tale Blog 2.0.5 - Stored Cross-Site Scripting in Site Settings via Site Title

CVE-2025-2335 LOW

Drivin Soluções up to 20250226 - XSS

CVE-2025-26924 MEDIUM

NotFound Ohio Extra <3.4.7 - Code Injection

CVE-2025-1119 HIGH

Simply Schedule Appointments Booking Plugin <1.6.8.5 - RCE

CVE-2025-27407 CRITICAL

graphql-ruby Remote Code Execution via Malicious Schema Definition

CVE-2025-26260 HIGH

Plenti <= 0.7.16 - Remote Code Execution via .svelte File Upload

CVE-2025-2214 LOW

Microweber 2.0.19 - Cross-Site Scripting via Settings Handler Group Argument

CVE-2025-2213 LOW

Castlenet CBW383G2N < 2025-03-01 - Cross-Site Scripting via SSID Parameter in Wireless Menu

CVE-2025-2212 LOW

Castlenet CBW383G2N < 2025-03-01 - Cross-Site Scripting via /RgSwInfo.asp Description Parameter

CVE-2025-2211 LOW

aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDictDetail/add Name Parameter

CVE-2025-2210 LOW

aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysJob/add Name Parameter

CVE-2025-2209 LOW

aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDict/add Name Parameter

Previous Page 78 of 261 Next

Details

Vulnerabilities 6,501

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy