CWE-94
6,542 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVEs (6,542)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulat... |
A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit h... |
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of... |
Vendors: 1 (Fabian); Products: 1 (Simple E Banking System); Updated: Jun 17, 2026; Published: Oct 27, 2025; CVSS: 2.1 LOW (v4), 6.1 MEDIUM (v3), 5.0 MEDIUM (v2). A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to cross site scripting.... |
Vendors: 1 (Projectworlds); Products: 1 (Expense Management System); Updated: Jun 17, 2026; Published: Oct 27, 2025; CVSS: 1.9 LOW (v4), 4.8 MEDIUM (v3), 3.3 LOW (v2). A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense Categories Page. Suc... |
Vendors: 1 (Projectworlds); Products: 1 (Expense Management System); Updated: Jun 17, 2026; Published: Oct 27, 2025; CVSS: 1.9 LOW (v4), 4.8 MEDIUM (v3), 3.3 LOW (v2). A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. This manipulation causes cross s... |
Vendors: 1 (Projectworlds); Products: 1 (Expense Management System); Updated: Jun 17, 2026; Published: Oct 27, 2025; CVSS: 1.9 LOW (v4), 4.8 MEDIUM (v3), 3.3 LOW (v2). A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross s... |
Vendors: 1 (Projectworlds); Products: 1 (Expense Management System); Updated: Jun 17, 2026; Published: Oct 27, 2025; CVSS: 1.9 LOW (v4), 4.8 MEDIUM (v3), 3.3 LOW (v2). A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cro... |
Vendors: 1 (Projectworlds); Products: 1 (Gate Pass Management System); Updated: Jun 17, 2026; Published: Oct 27, 2025; CVSS: 2.0 LOW (v4), 5.4 MEDIUM (v3), 4.0 MEDIUM (v2). A vulnerability was determined in projectworlds Gate Pass Management System 1.0. The affected element is an unknown function of the file /add-pass.php. Executing a manipulation can lead to cross site scripting. The attac... |
A flaw has been found in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This vulnerability affects unknown code of the file admin/contact.php. This manipulation of the argument twitter cau... |
Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion. This issue affects Paid Videochat Turnkey Site: from n/a t... |
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an... |
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header whe... |
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member. This issue affects s2Member: from n/a through <= 250905. |
Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through <= 7.8.3. |
Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion. This issue affects WP Last Modified Info: from n/a through <... |
Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection. This issue affects Kalium: from n/a through <= 3.25. |
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can b... |
An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter |
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from... |