CWE-94— Improper Control of Generation of Code (Code Injection)
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.— MITRE CWE catalog
6,491 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-94page 102 of 130
- CVE-2025-34277CRITICALCVSS 9.8EG 9.82025-10-30
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard…
- CVE-2025-34433CRITICALCVSS 9.3EG 9.32025-12-19
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid(). The installation timestamp is exposed via a public endpoint, a…
- CVE-2025-3472MEDIUMCVSS 6.5EG 6.52025-04-22
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before…
- CVE-2025-3489MEDIUMCVSS 4.3EG 4.32025-04-10
A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads …
- CVE-2025-3491HIGHCVSS 7.2EG 7.22025-04-26
The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient saniti…
- CVE-2025-35036HIGHCVSS 7.3EG 7.32025-06-03
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive informati…
- CVE-2025-3509HIGHCVSS 7.2EG 7.22025-04-17
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and syste…
- CVE-2025-3531MEDIUMCVSS 4.3EG 4.32025-04-13
A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting.…
- CVE-2025-3532MEDIUMCVSS 4.3EG 4.32025-04-13
A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross s…
- CVE-2025-3533MEDIUMCVSS 4.3EG 4.32025-04-13
A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent …
- CVE-2025-3554MEDIUMCVSS 4.3EG 4.32025-04-14
A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack ma…
- CVE-2025-3560LOWCVSS 3.5EG 3.52025-04-14
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument product_name leads to cross site scripting. The attac…
- CVE-2025-3563MEDIUMCVSS 4.7EG 4.72025-04-14
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation…
- CVE-2025-3568LOWCVSS 3.5EG 3.52025-04-14
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipu…
- CVE-2025-3570LOWCVSS 3.5EG 3.52025-04-14
A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. It has been classified as problematic. This affects the function Save of the file ContentController.java. The manipulation of the argument content leads to cross sit…
- CVE-2025-3579CRITICALCVSS 9.3EG 9.32025-04-15
In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with intern…
- CVE-2025-3591LOWCVSS 3.5EG 3.52025-04-14
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. Th…
- CVE-2025-3592LOWCVSS 3.5EG 3.52025-04-14
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to…
- CVE-2025-36014HIGHCVSS 8.2EG 8.22025-07-07
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
- CVE-2025-3612MEDIUMCVSS 4.3EG 4.32025-04-15
A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. This affects an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross site scripting…
- CVE-2025-3613LOWCVSS 3.5EG 3.52025-04-15
A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of the argument description leads to cross site scripting. The at…
- CVE-2025-3641HIGHCVSS 8.8EG 8.82025-04-25
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
- CVE-2025-3642HIGHCVSS 8.8EG 8.82025-04-25
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
- CVE-2025-3688LOWCVSS 2.4EG 2.42025-04-16
A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possi…
- CVE-2025-3692LOWCVSS 2.4EG 2.42025-04-16
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation lead…
- CVE-2025-36938MEDIUMCVSS 6.8EG 5.12025-12-11
In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for e…
- CVE-2025-37099CRITICALCVSS 9.8EG 9.82025-07-01
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
- CVE-2025-37105HIGHCVSS 7.5EG 7.52025-07-16
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
- CVE-2025-37157MEDIUMCVSS 6.7EG 6.72025-11-18
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
- CVE-2025-37164CRITICALCVSS 10.0EG 10.0⚠ KEV2025-12-16
A remote code execution issue exists in HPE OneView.
- CVE-2025-3753HIGHCVSS 7.8EG 7.82025-07-17
A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsaniti…
- CVE-2025-3776HIGHCVSS 8.3EG 8.32025-04-24
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of …
- CVE-2025-3788LOWCVSS 3.5EG 3.52025-04-18
A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripti…
- CVE-2025-3789LOWCVSS 3.5EG 3.52025-04-18
A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /a/sys/area/save. The manipulation of the argument Name leads to cross site scripting. The a…
- CVE-2025-3795LOWCVSS 2.4EG 2.42025-04-18
A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The atta…
- CVE-2025-3801LOWCVSS 2.4EG 2.42025-04-19
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Foo…
- CVE-2025-3806LOWCVSS 2.4EG 2.42025-04-19
A vulnerability, which was classified as problematic, has been found in dazhouda lecms up to 3.0.3. Affected by this issue is some unknown functionality of the file /admin of the component Edit Profile Handler. The manipulation leads to cr…
- CVE-2025-3821LOWCVSS 2.4EG 2.42025-04-20
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassw…
- CVE-2025-3822LOWCVSS 2.4EG 2.42025-04-20
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txt…
- CVE-2025-3823LOWCVSS 2.4EG 2.42025-04-20
A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproduc…
- CVE-2025-3824LOWCVSS 2.4EG 2.42025-04-20
A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argumen…
- CVE-2025-3825LOWCVSS 2.4EG 2.42025-04-20
A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of…
- CVE-2025-3826LOWCVSS 2.4EG 2.42025-04-20
A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_nam…
- CVE-2025-3841LOWCVSS 3.3EG 3.32025-04-21
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation…
- CVE-2025-3842MEDIUMCVSS 6.3EG 6.32025-04-21
A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code i…
- CVE-2025-39483MEDIUMCVSS 6.5EG 6.52025-08-14
Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a through < 3.9.9.1.
- CVE-2025-3958LOWCVSS 3.5EG 3.52025-04-27
A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /book_edit_do.html of the component Book Edit Page. The manipulation of the argument Nam…
- CVE-2025-3961LOWCVSS 3.5EG 3.52025-04-27
A vulnerability classified as problematic has been found in withstars Books-Management-System 1.0. This affects an unknown part of the file /admin/article/add/do. The manipulation of the argument Title leads to cross site scripting. It is …
- CVE-2025-3962LOWCVSS 3.5EG 3.52025-04-27
A vulnerability classified as problematic was found in withstars Books-Management-System 1.0. This vulnerability affects unknown code of the file /api/comment/add of the component Comment Handler. The manipulation of the argument content l…
- CVE-2025-3965LOWCVSS 3.5EG 3.52025-04-27
A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross sit…
Map vulnerabilities like CWE-94 to your infrastructure
EchelonGraph correlates every CVE — across CWE-94 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →