Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,502 vulnerabilities with CWE-94

CVE-2025-2047 LOW

PHPGurukul Art Gallery Management System 1.0 - Cross-Site Scripting via Search Parameter

CVE-2025-25362 CRITICAL

spacy-llm < 0.7.3 - Server-Side Template Injection via Template Field

CVE-2025-27678 CRITICAL

Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Remote Code Execution

CVE-2025-27657 CRITICAL

Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Remote Code Execution

CVE-2025-1967 LOW

Blood Bank Management System 1.0 - XSS

CVE-2025-1957 LOW

code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter

CVE-2025-1955 LOW

code-projects Online Class and Exam Scheduling System 1.0 - XSS

CVE-2025-1949 MEDIUM

ZZCMS 2025 - Cross-Site Scripting via $_SERVER['PHP_SELF'] in register_nodb.php

CVE-2025-26182 MEDIUM

novel-plus < 4.4.0 - Remote Code Execution via PageController.java

CVE-2025-1905 LOW

SourceCodester Employee Management System 1.0 - XSS

CVE-2025-1904 LOW

code-projects Blood Bank System 1.0 - XSS

CVE-2025-1892 LOW

shishuocms 1.1 - Stored Cross-Site Scripting via folderName Parameter

CVE-2025-26970 CRITICAL

Ark Theme Core < 1.71.0 - Unauthenticated Remote Code Execution

CVE-2025-1842 MEDIUM

FITSTATS Technologies AthleteMonitoring <20250302 - XSS

CVE-2025-1830 LOW

zframeworks zz < 2024-8 - Cross-Site Scripting via Customer Name Argument

CVE-2025-1817 LOW

Mini-Tmall < 2025-02-11 - Cross-Site Scripting in Admin Name Handler

CVE-2025-1810 MEDIUM

Pixsoft Vivaz 6.0.11 - Cross-Site Scripting via Login Endpoint Sistema Parameter

CVE-2025-27554 CRITICAL

ToDesktop < 2024-10-03 - Remote Code Execution via Postinstall Script

CVE-2025-26264 HIGH

GeoVision GV-ASWeb <= 6.1.2.0 - Authenticated Remote Code Execution via Notification Settings

CVE-2025-1742 MEDIUM

PiHome MaxAir 2.0 - Stored Cross-Site Scripting via /home.php page_name Parameter

CVE-2025-25789 CRITICAL

FoxCMS v1.2.5 - Remote Code Execution via Sitemap Controller Index Method

CVE-2025-1618 MEDIUM

vtiger CRM 6.4.0-6.5.0 - Cross-Site Scripting via _operation Parameter

CVE-2025-1617 LOW

Netis WF2780 2.1.41925 - Cross-Site Scripting via Wireless 2.4G Menu SSID Parameter

CVE-2025-1615 LOW

FiberHome AN5506-01A ONU GPON RP2511 - Cross-Site Scripting via NAT Submenu Description Parameter

CVE-2025-1614 LOW

FiberHome AN5506-01A ONU GPON RP2511 - Cross-Site Scripting via Port Forwarding Submenu pf_Description Parameter

Previous Page 80 of 261 Next

Details

Vulnerabilities 6,502

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy