Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,502 vulnerabilities with CWE-94

CVE-2025-2209 LOW

aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDict/add Name Parameter

CVE-2025-2208 LOW

aitangbao springboot-manager 3.0 - Cross-Site Scripting via Filename Handler

CVE-2025-2207 LOW

aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sys/dept Name Parameter

CVE-2025-2206 LOW

aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sys/permission Name Parameter

CVE-2025-25680 HIGH

LSC Indoor PTZ Camera 7.6.32 - Remote Code Execution via Crafted QR Code in Wi-Fi Configuration

CVE-2025-2196 LOW

MRCMS 3.1.2 - Cross-Site Scripting via File Upload Path Parameter

CVE-2025-2195 LOW

MRCMS 3.1.2 - Cross-Site Scripting in File Rename Function

CVE-2025-2194 LOW

MRCMS 3.1.2 - Cross-Site Scripting in File Controller Path Parameter

CVE-2025-2191 LOW

Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817 - XSS

CVE-2025-1550 CRITICAL

Keras 3.0.0-3.8.0 and 3.9.0 - Remote Code Execution via Malicious .keras Archive

CVE-2025-2169 HIGH

WPCS - WordPress Currency Switcher Professional <1.2.0.4 - RCE

CVE-2025-26936 CRITICAL

NotFound Fresh Framework <1.70.0 - Code Injection

CVE-2025-1497 CRITICAL

PlotAI < 0.0.7 - Remote Code Execution via Unvalidated LLM Output

CVE-2025-2133 LOW

ftcms 2.1 - Cross-Site Scripting via News Edit Title Parameter

CVE-2025-2131 LOW

xunruicms < 4.6.3 - Cross-Site Scripting via Friendly Links Handler Website Address

CVE-2025-2130 LOW

OpenXE < 1.12 - Cross-Site Scripting via Ticket Notizen Parameter

CVE-2025-2127 MEDIUM

JoomlaUX JUX Real Estate 3.4.0 - XSS

CVE-2025-2124 LOW

Control iD RH iD 25.2.25.0 - Cross-Site Scripting via Change Password API Message Parameter

CVE-2025-2123 LOW

GeSHi < 1.0.9.1 - Cross-Site Scripting via CSS Handler get_var Function

CVE-2025-2087 LOW

starsea-mall 1.0 - Cross-Site Scripting via goodsName Parameter

CVE-2025-2086 LOW

starsea-mall 1.0 - Cross-Site Scripting via redirectUrl Parameter

CVE-2025-2085 LOW

starsea-mall 1.0 - Cross-Site Scripting via redirectUrl Parameter

CVE-2025-2084 LOW

PHPGurukul Human Metapneumovirus Testing Management System 1.0 - Cross-Site Scripting in Search Report Page

CVE-2025-2061 MEDIUM

Online Ticket Reservation System 1.0 - Cross-Site Scripting via Passenger Name Parameter

CVE-2025-2049 LOW

code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter in AB+.php

Previous Page 79 of 261 Next

Details

Vulnerabilities 6,502

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy