Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,502 vulnerabilities with CWE-94

CVE-2025-24959 LOW

zx <8.3.2 - Command Injection

CVE-2025-0972 LOW

Zenvia Movidesk <= 25.01.22 - Stored Cross-Site Scripting via New Ticket Subject

CVE-2025-0971 LOW

Zenvia Movidesk < 25.01.22 - Cross-Site Scripting via Profile Editing Username Parameter

CVE-2025-0961 LOW

Job Recruitment 1.0 - Cross-Site Scripting via business_stream_name/company_website_url Parameter

CVE-2025-0871 LOW

Maybecms 1.2 - Cross-Site Scripting via data_info[content] Parameter

CVE-2025-0869 MEDIUM

Cianet ONU GW24AC <= 20250127 - Cross-Site Scripting via Login browserLang Parameter

CVE-2025-0844 MEDIUM

needyamin Library Card System 1.0 - Stored Cross-Site Scripting via Registration Page

CVE-2025-0806 MEDIUM

code-projects Job Recruitment 1.0 - XSS

CVE-2025-0800 LOW

SourceCodester Online Courseware 1.0 - XSS

CVE-2025-0795 LOW

ESAFENET CDG V5 - Cross-Site Scripting via todolistjump.jsp flowId Parameter

CVE-2025-0794 LOW

ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in todoDetail.jsp

CVE-2025-0790 LOW

ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in /doneDetail.jsp

CVE-2025-0787 LOW

ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in /appDetail.jsp

CVE-2025-0785 LOW

ESAFENET CDG V5 - Cross-Site Scripting via SysConfig.jsp Help Parameter

CVE-2025-24482 HIGH

Product Version - Local Code Injection

CVE-2025-23211 CRITICAL

Tandoor Recipes < 1.5.24 - Authenticated Server-Side Template Injection via Jinja2

CVE-2025-24159 HIGH

iPadOS < 17.7.4 - Arbitrary Code Execution with Kernel Privileges

CVE-2025-0721 MEDIUM

needyamin image_gallery 1.0 - Cross-Site Scripting via Username Parameter in view.php

CVE-2025-0710 LOW

CampCodes School Management Software 1.0 - XSS

CVE-2025-0709 LOW

Dcat-Admin 2.2.1-beta - Cross-Site Scripting in Roles Page

CVE-2025-0708 LOW

fumiao opencms 2.2 - Cross-Site Scripting via Add Model Management Page Template Prefix

CVE-2025-0706 LOW

JoeyBling bootplus <247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d - XSS

CVE-2025-0581 LOW

CampCodes School Management Software 1.0 - XSS

CVE-2025-0578 LOW

Facile Sistemas Cloud Apps <20250107 - XSS

CVE-2025-0576 MEDIUM

Mobotix M15 4.3.4.83 - Cross-Site Scripting via p_qual Argument

Previous Page 83 of 261 Next

Details

Vulnerabilities 6,502

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy