CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,502 vulnerabilities with CWE-94
CVE-2025-1613 LOW
FiberHome AN5506-01A ONU GPON RP2511 - Cross-Site Scripting via URL Filtering Submenu url_IP Parameter
CVSS 2.4
CVE-2025-1612 LOW
Edimax BR-6288ACL 1.30 - Cross-Site Scripting via SSID Parameter in wireless5g_basic.asp
CVSS 3.5
CVE-2025-1597 LOW
Best Church Management Software 1.0 - Cross-Site Scripting via Redirect Parameter
CVSS 3.5
CVE-2025-1592 LOW
Best Employee Management System 1.0 - Cross-Site Scripting via Role Assignment Parameters
CVSS 2.4
CVE-2025-1591 LOW
SourceCodester Employee Management System 1.0 - Cross-Site Scripting via Department Name Parameter
CVSS 2.4
CVE-2025-1589 MEDIUM
SourceCodester E-Learning System 1.0 - Cross-Site Scripting in User Registration Handler
CVSS 4.3
CVE-2025-1586 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter
CVSS 3.5
CVE-2025-1585 LOW
tale_project tale < 2.0.5 - Cross-Site Scripting via logo_url Parameter in Header Template
CVSS 2.4
CVE-2025-1579 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Email Parameter
CVSS 2.4
CVE-2025-1577 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via /prostatus.php Message Parameter
CVSS 3.5
CVE-2025-1553 LOW
pankajindevops scale - Cross-Site Scripting
CVSS 3.5
CVE-2025-1510 HIGH
Custom Post Type Date Archives < 2.7.1 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode
CVSS 7.3
CVE-2025-1509 HIGH
Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode
CVSS 7.3
CVE-2025-26014 CRITICAL
Loggrove 1.0 - Remote Code Execution via Path Parameter
CVSS 9.8
CVE-2025-25507 MEDIUM
Tenda AC6 15.03.05.16_multi - Remote Code Execution via formexeCommand cmdinput Parameter
CVSS 6.5
CVE-2025-1548 LOW
Dreamer CMS 4.1.3 - Cross-Site Scripting via Editor Value Parameter
CVSS 3.5
CVE-2025-25675 CRITICAL
Tenda AC10 V1.0 V15.03.06.23 - OS Command Injection via formexeCommand
CVSS 9.8
CVE-2025-24893 CRITICAL KEV
XWiki Platform - Remote Code Execution
CVSS 9.8
CVE-2025-0161 HIGH
IBM Security Verify Access Appliance <11.0.0.0 - Code Injection
CVSS 7.8
CVE-2025-27218 MEDIUM
Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization
CVSS 5.3
CVE-2025-25944 HIGH
Bento4 1.6.0-641 - Buffer Overflow in AP4_RtpAtom::AP4_RtpAtom via Crafted MP4 File
CVSS 7.3
CVE-2025-25943 HIGH
Bento4 1.6.0-641 - Buffer Overflow in AP4_Stz2Atom
CVSS 7.8
CVE-2025-1465 MEDIUM
lmxcms 1.41 - Code Injection in Maintenance Component
CVSS 4.1
CVE-2025-25467 CRITICAL
libx264 - Remote Code Execution via Crafted AAC File
CVSS 9.8
CVE-2025-1392 LOW
D-Link DIR-816 1.01TO - Cross-Site Scripting via SSID Parameter
CVSS 3.5