CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-36014	IBM Integration Bus for z/OS code injection — Integration Bus	8.2	High	2025-07-07
CVE-2025-7101	BoyunCMS Configuration File install_ok.php code injection — BoyunCMS	6.3	Medium	2025-07-07
CVE-2025-49302	WordPress Easy Stripe plugin <= 1.1 - Remote Code Execution (RCE) Vulnerability — Easy Stripe	10.0	Critical	2025-07-04
CVE-2025-52718	WordPress Alone theme <= 7.8.2 - Arbitrary Code Execution Vulnerability — Alone	7.2	High	2025-07-04
CVE-2025-34086	Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename — CMS	8.8^AI	High^AI	2025-07-03
CVE-2025-34061	PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability — PHPStudy	9.8^AI	Critical^AI	2025-07-03
CVE-2025-34079	NSClient++ Authenticated Remote Code Execution via ExternalScripts API — NSClient++	7.2^AI	High^AI	2025-07-02
CVE-2025-34074	Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write — Lucee	7.2^AI	High^AI	2025-07-02
CVE-2025-49029	WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability — Custom Login And Signup Widget	9.1	Critical	2025-07-01
CVE-2025-49521	Event-driven-ansible: template injection via git branch and refspec in eda projects — Red Hat Ansible Automation Platform 2.5 for RHEL 8	8.8	High	2025-06-30
CVE-2025-28993	WordPress Content No Cache plugin <= 0.1.4 - Arbitrary Function Call vulnerability — Content No Cache	8.6	High	2025-06-27
CVE-2025-53002	LLaMA-Factory Remote Code Execution (RCE) Vulnerability — LLaMA-Factory	8.3	High	2025-06-26
CVE-2025-23265	NVIDIA Megatron-LM 代码注入漏洞 — Megatron LM	7.8	High	2025-06-24
CVE-2025-23264	NVIDIA Megatron-LM 代码注入漏洞 — Megatron LM	7.8	High	2025-06-24
CVE-2025-6512	Scripts within reports executable on BRAIN2 Server — BRAIN2	10.0	Critical	2025-06-23
CVE-2025-49132	Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution — panel	10.0	Critical	2025-06-20
CVE-2025-32798	Conda-build Allows Arbitrary Code Execution via Malicious Recipe Selectors — conda-build	8.8^AI	High^AI	2025-06-16
CVE-2025-5309	Remote Support & Privileged Remote Access server side template injection — Remote support & Privileged Remote Access	8.8^AI	High^AI	2025-06-16
CVE-2025-49581	XWiki allows remote code execution through default value of wiki macro wiki-type parameters — xwiki-platform	8.8^AI	High^AI	2025-06-13
CVE-2025-29902	Telex Remote Dispatch Console Server和RTS VLink Virtual Matrix Software 安全漏洞 — Remote Dispatch Console Server	10.0	Critical	2025-06-13
CVE-2025-30085	Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla — RSform!Pro component for Joomla	7.2^AI	High^AI	2025-06-11
CVE-2025-48123	WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Remote Code Execution (RCE) Vulnerability — Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light	10.0	Critical	2025-06-09
CVE-2025-48140	WordPress MetalpriceAPI plugin <= 1.1.4 - Remote Code Execution (RCE) Vulnerability — MetalpriceAPI	9.9	Critical	2025-06-09
CVE-2025-49013	WilderForge vulnerable to code Injection via GitHub Actions Workflows — WilderForge	10.0	Critical	2025-06-09
CVE-2025-49250	WordPress Team Showcase plugin < 25.05.13 - Arbitrary Shortcode Execution vulnerability — Team Showcase	4.3	Medium	2025-06-06
CVE-2025-41365	Code injection vulnerability in IDF and ZLF — IDF and ZLF	8.0^AI	High^AI	2025-06-06
CVE-2025-41362	Code injection vulnerability in IDF and ZLF — IDF and ZLF	8.0^AI	High^AI	2025-06-06
CVE-2025-35036	hibernate-validator insecure default Expression Language interpolation — Hibernate Validator	7.3	High	2025-06-03
CVE-2025-25021	IBM QRadar Suite Software and IBM Cloud Pak for Security code injection — QRadar Suite Software	7.2	High	2025-06-03
CVE-2025-48390	FreeScout Vulnerable to Remote Code Execution (RCE) — freescout	7.2^AI	High^AI	2025-05-29

Vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)) represent 1295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295