Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,503 vulnerabilities with CWE-94

CVE-2025-0576 MEDIUM

Mobotix M15 4.3.4.83 - Cross-Site Scripting via p_qual Argument

CVE-2025-0560 LOW

CampCodes School Management Software 1.0 - XSS

CVE-2025-0559 LOW

Campcodes School Management Software 1.0 - XSS

CVE-2025-0557 MEDIUM

Hyland Alfresco Community and Enterprise Edition < 6.2.2 - Cross-Site Scripting in URL Handler

CVE-2025-23209 HIGH KEV

Craft CMS 4.0.0-4.13.7 and 5.0.0-RC1-5.5.7 - Remote Code Execution via Compromised Security Key

CVE-2025-0538 LOW

Tourism Management System 1.0 - XSS

CVE-2025-0537 LOW

code-projects Car Rental Management System 1.0 - XSS

CVE-2025-0530 LOW

Code-projects Job Recruitment 1.0 - XSS

CVE-2025-22906 CRITICAL

Edimax RE11S v1.11 - OS Command Injection via L2TPUserName Parameter

CVE-2025-22905 CRITICAL

Edimax RE11S Firmware 1.11 - OS Command Injection via /goform/mp Command Parameter

CVE-2025-0485 LOW

native-php-cms 1.0 - Cross-Site Scripting via info Parameter in sysconfig_doedit.php

CVE-2025-0483 LOW

native-php-cms 1.0 - Cross-Site Scripting via /fladmin/jump.php Message/Error Parameter

CVE-2025-22968 CRITICAL

D-Link DWR-M972V 1.05SSG - Unauthenticated Remote Code Execution via SSH Root Access

CVE-2025-23061 CRITICAL

mongoose < 6.13.6 and 8.0.0-rc0-8.9.5 - Search Injection via Nested $where Filter with Populate Match

CVE-2025-23051 HIGH

AOS-8/10 - Authenticated Code Injection

CVE-2025-21292 HIGH

Windows 10/11, Server 2019/2022/2025 - Elevation of Privilege via Search Service

CVE-2025-21187 HIGH

Microsoft Power Automate for Desktop 2.46-2.46.184.25013 - Remote Code Execution

CVE-2025-0464 LOW

SourceCodester Task Reminder System 1.0 - XSS

CVE-2025-0458 MEDIUM

Virtual Computer Vysual RH Solution 2024.12.1 - XSS

CVE-2025-0060 MEDIUM

SAP BusinessObjects - Code Injection

CVE-2025-0400 LOW

starsea-mall 1.0 - Cross-Site Scripting via /admin/categories/update categoryName Parameter

CVE-2025-0398 LOW

longpi1 warehouse 1.0 - Cross-Site Scripting via Remark Parameter

CVE-2025-0397 LOW

reckcn SPPanAdmin 1.0 - Cross-Site Scripting via /admin/role/edit Name Parameter

CVE-2025-22152 CRITICAL

Atheos < 600 - Path Traversal and Arbitrary File Write via $path and $target Parameters

CVE-2025-0348 LOW

CampCodes DepEd Equipment Inventory System 1.0 - XSS

Previous Page 84 of 261 Next

Details

Vulnerabilities 6,503

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy