Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,502 vulnerabilities with CWE-94

CVE-2025-1360 LOW

Internet Web Solutions Sublime CRM <20250207 - XSS

CVE-2025-1359 MEDIUM

SIAM 2.0 - Cross-Site Scripting via /qrcode.jsp URL Parameter

CVE-2025-1337 LOW

Eastnets PaymentSafe <2.5.26.0 - XSS

CVE-2025-1332 LOW

FastCMS < 0.1.5 - Cross-Site Scripting in Template Menu

CVE-2025-1302 CRITICAL

jsonpath-plus < 10.3.0 - Remote Code Execution via Unsafe Eval Mode

CVE-2025-1213 LOW

PiHome 1.77 - Cross-Site Scripting via PHP_SELF Parameter

CVE-2025-1209 LOW

Wazifa System 1.0 - Cross-Site Scripting via searchuser Function

CVE-2025-1208 LOW

Wazifa System 1.0 - Cross-Site Scripting via Profile.php postcontent Parameter

CVE-2025-1196 LOW

Real Estate Property Management System 1.0 - Cross-Site Scripting via PropertyName Parameter

CVE-2025-1195 LOW

Real Estate Property Management System 1.0 - Cross-Site Scripting via CategoryId Parameter

CVE-2025-1190 LOW

Job Recruitment 1.0 - Cross-Site Scripting in load_user-profile.php

CVE-2025-1174 LOW

1000 Projects Bookstore Management System 1.0 - Cross-Site Scripting via Book Name Parameter

CVE-2025-1171 LOW

Real Estate Property Management System 1.0 - Cross-Site Scripting via Address Parameter in CustomerReport.php

CVE-2025-1170 LOW

Real Estate Property Management System 1.0 - Cross-Site Scripting via Desc Parameter in Category.php

CVE-2025-1169 LOW

SourceCodester Image Compressor Tool 1.0 - Cross-Site Scripting via Image Parameter

CVE-2025-1159 LOW

CampCodes School Management Software 1.0 - Cross-Site Scripting in /academic-calendar

CVE-2025-1155 MEDIUM

Webkul QloApps 1.6.1 - Cross-Site Scripting in Your Location Search

CVE-2025-1114 LOW

newbee-mall 1.0 - Cross-Site Scripting via Category Name Parameter in Add Category Page

CVE-2025-1105 MEDIUM

SiberianCMS 4.20.6 - Cross-Site Scripting in HTTP GET Request Handler

CVE-2025-1085 MEDIUM

Animati PACS <= 1.24.12.09.03 - Cross-Site Scripting via /login p Parameter

CVE-2025-1082 LOW

Mindskip xzs-mysql 3.9.0 - Stored Cross-Site Scripting in Exam Edit Handler

CVE-2025-25246 HIGH

NETGEAR XR1000 and XR500 Routers - Unauthenticated Remote Code Execution

CVE-2025-24677 CRITICAL

WPSpins Post/Page Copying Tool <2.0.3 - Code Injection

CVE-2025-1011 HIGH

Firefox < 135.0 and Thunderbird < 135.0 - Remote Code Execution via WebAssembly Code Generation

CVE-2025-22204 CRITICAL

Joomla Sourcerer < 11.0.0 - Remote Code Execution

Previous Page 82 of 261 Next

Details

Vulnerabilities 6,502

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy