Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-33178 NVIDIA Nemo Framework 代码注入漏洞 — NeMo Framework 7.8 High2025-11-11
CVE-2025-23361 NVIDIA Nemo Framework 代码注入漏洞 — NeMo Framework 7.8 High2025-11-11
CVE-2025-23357 NVIDIA Megatron-LM 代码注入漏洞 — Megatron-LM 7.8 High2025-11-11
CVE-2025-12637 Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload — Elastic Theme Editor 8.8 High2025-11-11
CVE-2025-12813 Holiday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents' — Holiday class post calendar 9.8 Critical2025-11-11
CVE-2025-42895 Code Injection vulnerability in SAP HANA JDBC Client — SAP HANA JDBC Client 6.9 Medium2025-11-11
CVE-2025-42887 Code Injection vulnerability in SAP Solution Manager — SAP Solution Manager 9.9 Critical2025-11-11
CVE-2025-9334 Better Find and Replace <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection — Better Find and Replace – AI-Powered Suggestions 8.8 High2025-11-08
CVE-2020-36870 Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE — RG-EG1000C 8.8 -2025-11-07
CVE-2025-49372 WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability — HAPPY 8.8 -2025-11-06
CVE-2025-47588 WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.9 - Arbitrary Code Execution vulnerability — Dynamic Pricing With Discount Rules for WooCommerce 9.1 Critical2025-11-06
CVE-2025-32222 WordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) Vulnerability — Widget Logic 9.9 Critical2025-11-06
CVE-2025-11093 Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS) — WSO2 Micro Integrator 8.4 High2025-11-05
CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates — xibo-cms 7.2 High2025-11-04
CVE-2025-6990 Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution — KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme 8.8 High2025-11-01
CVE-2025-10487 Advanced Ads <= 2.0.12 - Unauthenticated Limited Code Execution — Advanced Ads – Ad Manager & AdSense 7.3 High2025-11-01
CVE-2025-34277 Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID — Log Server 9.8AICriticalAI2025-10-30
CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection — Central Authentication Service 6.3 Medium2025-10-27
CVE-2025-62959 WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Remote Code Execution (RCE) vulnerability — Paid Videochat Turnkey Site 9.8AICriticalAI2025-10-27
CVE-2025-8483 Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — Discussion Board – WordPress Forum Plugin 6.3 Medium2025-10-25
CVE-2025-62023 WordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerability — s2Member 9.0 Critical2025-10-22
CVE-2025-60206 WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability — Alone 9.8AICriticalAI2025-10-22
CVE-2025-52756 WordPress WP Last Modified Info plugin <= 1.9.4 - Remote Code Execution (RCE) vulnerability — WP Last Modified Info 9.8AICriticalAI2025-10-22
CVE-2025-49926 WordPress Kalium theme <= 3.25 - Arbitrary Code Execution vulnerability — Kalium 7.2 High2025-10-22
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat — danny-avila/librechat 6.1AIMediumAI2025-10-22
CVE-2025-62429 ClipBucket v5 executes arbitrary PHP code — clipbucket-v5 7.2 High2025-10-20
CVE-2025-11905 yanyutao0402 ChanCMS gather.js getArticle code injection — ChanCMS 6.3 Medium2025-10-17
CVE-2025-62416 bagisto - Server Side Template Injection (SSTI) in Product Description — bagisto 5.1 Medium2025-10-16
CVE-2025-11548 ibi WebFOCUS - Unauthenticated RCE Vulnerability — WebFOCUS 9.8AICriticalAI2025-10-14
CVE-2025-31365 Fortinet FortiClientMac 代码注入漏洞 — FortiClientMac 5.5 Medium2025-10-14

Vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)) represent 1295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.