CWE-94— Improper Control of Generation of Code (Code Injection)
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.— MITRE CWE catalog
6,502 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-94page 114 of 131
- CVE-2025-9105MEDIUMCVSS 5.4EG 3.52025-08-18
A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of th…
- CVE-2025-9106MEDIUMCVSS 5.4EG 3.52025-08-18
A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Co…
- CVE-2025-9107MEDIUMCVSS 6.1EG 4.32025-08-18
A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be perfo…
- CVE-2025-9119LOWCVSS 2.4EG 2.42025-08-18
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt…
- CVE-2025-9120NONECVSS 0.0EG 8.62026-02-24
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized acce…
- CVE-2025-9137MEDIUMCVSS 4.8EG 3.52025-08-19
A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploi…
- CVE-2025-9138MEDIUMCVSS 5.4EG 3.52025-08-19
A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remote…
- CVE-2025-9143MEDIUMCVSS 5.4EG 3.52025-08-19
A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the att…
- CVE-2025-9144MEDIUMCVSS 5.4EG 3.52025-08-19
A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisher_edit.shtm. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exp…
- CVE-2025-9145MEDIUMCVSS 5.4EG 3.52025-08-19
A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross si…
- CVE-2025-9147MEDIUMCVSS 6.1EG 3.52025-08-19
A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scriptin…
- CVE-2025-9167MEDIUMCVSS 5.4EG 3.52025-08-19
A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site …
- CVE-2025-9168MEDIUMCVSS 5.4EG 3.52025-08-19
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. …
- CVE-2025-9169MEDIUMCVSS 5.4EG 3.52025-08-19
A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the a…
- CVE-2025-9170MEDIUMCVSS 5.4EG 3.52025-08-19
A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The att…
- CVE-2025-9171MEDIUMCVSS 5.4EG 3.52025-08-19
A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting…
- CVE-2025-9233MEDIUMCVSS 5.4EG 3.52025-08-20
A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is po…
- CVE-2025-9234MEDIUMCVSS 5.4EG 3.52025-08-20
A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed re…
- CVE-2025-9235MEDIUMCVSS 5.4EG 3.52025-08-20
A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out re…
- CVE-2025-9237MEDIUMCVSS 5.4EG 3.52025-08-20
A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username resu…
- CVE-2025-9306MEDIUMCVSS 5.4EG 3.52025-08-21
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site…
- CVE-2025-9321CRITICALCVSS 9.8EG 9.82025-09-23
The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function. This makes it possible for unauthenti…
- CVE-2025-9334HIGHCVSS 8.8EG 8.82025-11-08
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafar_aj…
- CVE-2025-9388MEDIUMCVSS 5.4EG 3.52025-08-24
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remo…
- CVE-2025-9404MEDIUMCVSS 5.4EG 2.42025-08-25
A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. I…
- CVE-2025-9407MEDIUMCVSS 5.4EG 3.52025-08-25
A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may b…
- CVE-2025-9416LOWCVSS 2.4EG 2.42025-08-25
A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may b…
- CVE-2025-9422MEDIUMCVSS 5.4EG 2.42025-08-25
A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remot…
- CVE-2025-9429MEDIUMCVSS 5.4EG 3.52025-08-26
A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scri…
- CVE-2025-9430MEDIUMCVSS 4.8EG 2.42025-08-26
A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the att…
- CVE-2025-9431MEDIUMCVSS 6.1EG 4.32025-08-26
A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published a…
- CVE-2025-9432MEDIUMCVSS 6.1EG 4.32025-08-26
A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The at…
- CVE-2025-9433MEDIUMCVSS 6.1EG 4.32025-08-26
A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The …
- CVE-2025-9434MEDIUMCVSS 6.1EG 4.32025-08-26
A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edit_title.php?id=1. Executing manipulation of the argument desc can lead to cro…
- CVE-2025-9438MEDIUMCVSS 6.1EG 4.32025-08-26
A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/add_student.php. The manipulation of the argument address results in cross s…
- CVE-2025-9439MEDIUMCVSS 6.1EG 4.32025-08-26
A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This manipulation of the ar…
- CVE-2025-9440MEDIUMCVSS 6.1EG 4.32025-08-26
A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_title.php. Such manipulation of the argument…
- CVE-2025-9489MEDIUMCVSS 5.0EG 5.02025-09-09
The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly …
- CVE-2025-9517HIGHCVSS 7.2EG 7.22025-09-04
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it…
- CVE-2025-9519HIGHCVSS 7.2EG 7.22025-09-04
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for…
- CVE-2025-9539HIGHCVSS 8.0EG 8.02025-09-09
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwp_ajax_imp…
- CVE-2025-9590LOWCVSS 3.5EG 3.52025-08-28
A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can …
- CVE-2025-9591LOWCVSS 2.4EG 2.42025-08-28
A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads t…
- CVE-2025-9595MEDIUMCVSS 6.1EG 4.32025-08-29
A vulnerability was found in code-projects Student Information Management System 1.0. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname results in cross site scripting. The attack ma…
- CVE-2025-9646MEDIUMCVSS 5.4EG 3.52025-08-29
A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in …
- CVE-2025-9647MEDIUMCVSS 6.1EG 4.32025-08-29
A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. T…
- CVE-2025-9652MEDIUMCVSS 5.4EG 3.52025-08-29
A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argu…
- CVE-2025-9653MEDIUMCVSS 5.4EG 3.52025-08-29
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the arg…
- CVE-2025-9655MEDIUMCVSS 5.4EG 3.52025-08-29
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can l…
- CVE-2025-9656MEDIUMCVSS 6.1EG 4.32025-08-29
A security vulnerability has been detected in PHPGurukul Directory Management System 2.0. This vulnerability affects unknown code of the file /admin/add-directory.php. The manipulation of the argument fullname leads to cross site scripting…
Map vulnerabilities like CWE-94 to your infrastructure
EchelonGraph correlates every CVE — across CWE-94 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →