Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,458 vulnerabilities with CWE-94

CVE-2026-8253 LOW

Devs Palace ERP Online purchase_save cross site scripting

CVE-2026-8221 LOW

Devs Palace ERP Online item-save cross site scripting

CVE-2026-8220 LOW

Devs Palace ERP Online customer-save cross site scripting

CVE-2026-8219 LOW

Devs Palace ERP Online supplier-save cross site scripting

CVE-2026-8218 LOW

Devs Palace ERP Online purchase_return_save cross site scripting

CVE-2026-8211 MEDIUM

codelibs Fess JSP File AdminDesignAction.java update code injection

CVE-2026-8195 MEDIUM

JeecgBoot SVG File CommonController.java cross site scripting

CVE-2026-42301 HIGH

Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec

CVE-2026-42298 CRITICAL

Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev

CVE-2026-41486 HIGH

Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

CVE-2026-29202 HIGH

cPanel 11.86.0.0-11.136.0.8 - Authenticated Perl Code Injection via create_user Plugin

CVE-2026-44336 CRITICAL

PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection

CVE-2026-44334 HIGH

PraisonAI: Unauthenticated RCE via `tool_override.py`

CVE-2026-41512 CRITICAL

Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`

CVE-2026-41507 CRITICAL

Remote Code Execution (RCE) via String Literal Injection into math-codegen

CVE-2026-25077 HIGH

Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates

CVE-2026-8136 LOW

SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting

CVE-2026-43944 CRITICAL

electerm: dangerous code can be run through links or command line

CVE-2026-41900 HIGH

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

CVE-2026-41645 MEDIUM

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

CVE-2026-8117 MEDIUM

SourceCodester Pizzafy Ecommerce System index.php cross site scripting

CVE-2026-41692 MEDIUM

i18nextify is vulnerable to DOM XSS via javascript:/data: URL schemes in translated href/src attributes

CVE-2026-44244 HIGH

GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

CVE-2026-42214 HIGH

Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext

CVE-2026-36458 CRITICAL

ChestnutCMS v1.5.10 - SQL Injection

Previous Page 9 of 259 Next

Details

Vulnerabilities 6,458

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy