Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,503 vulnerabilities with CWE-94

CVE-2025-0342 LOW

CampCodes Computer Laboratory Management System 1.0 - XSS

CVE-2025-0339 LOW

code-projects Online Bike Rental 1.0 - XSS

CVE-2025-22136 HIGH

Tabby < 1.0.217 - Remote Code Execution via Electron Fuses

CVE-2025-22133 CRITICAL

WeGIA < 3.2.8 - Unrestricted Upload of File with Dangerous Type via controla_xlsx.php Endpoint

CVE-2025-0301 LOW

code-projects Online Book Shop 1.0 - XSS

CVE-2025-0295 LOW

code-projects Online Book Shop 1.0 - XSS

CVE-2025-0228 LOW

Code-projects Local Storage Todo App 1.0 - XSS

CVE-2025-0220 LOW

Trimble SPS851 488.01 - Cross-Site Scripting via Hostname Argument

CVE-2025-0219 LOW

Trimble SPS851 488.01 - Cross-Site Scripting via System Name Argument

CVE-2025-0175 LOW

code-projects Online Shop 1.0 - XSS

CVE-2024-58351 CRITICAL

Flowise - Remote Code Execution via overrideConfig Parameter

CVE-2024-46507 HIGH

Yeti Platform < 2.1.12 - Server-Side Template Injection

CVE-2024-1490 HIGH

Wago: Vulnerability in WBM through Open VPN

CVE-2024-36057 CRITICAL

Koha Library <23.05.10 - Command Injection

CVE-2024-40489 CRITICAL

jeecg boot 3.0.0-3.5.3 - Code Injection

CVE-2024-13785 MEDIUM

Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

CVE-2024-44722 CRITICAL

SysAK < 2.0 - OS Command Injection via Command Parameter

CVE-2024-55022 HIGH

Weintek cMT-3072XH2 v2.1.53 - Command Injection

CVE-2024-56373 HIGH

Airflow 2 - Privilege Escalation to RCE

CVE-2024-11976 HIGH

BuddyPress <= 14.3.3 - Unauthenticated Arbitrary Shortcode Execution via do_shortcode

CVE-2024-14020 MEDIUM

carbone < 3.5.6 - Prototype Pollution in Formatter Handler

CVE-2024-58284 HIGH

PopojiCMS 2.0.1 - Authenticated Remote Code Execution via Metadata Settings

CVE-2024-32641 CRITICAL

masacms < 7.2.8 - Unauthenticated Remote Code Execution via m Tag in criteria Parameter

CVE-2024-39148 HIGH

KerOS < 5.12 - Unauthenticated Remote Code Execution via Magic URL Validation Flaw

CVE-2024-48829 MEDIUM

Dell SmartFabric OS10 < 10.6.1.0 - Authenticated Code Injection

Previous Page 85 of 261 Next

Details

Vulnerabilities 6,503

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy