CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-46581	ZTE ZXCDN product has a Struts RCE Vulnerability — ZXCDN	9.8	Critical	2025-10-14
CVE-2025-41699	Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers — CHARX SEC-3150	8.8	High	2025-10-14
CVE-2025-42901	Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser) — SAP Application Server for ABAP (BAPI Browser)	5.4	Medium	2025-10-14
CVE-2025-61929	Cherry Studio allows one-click on a specific URL to cause a command to execute — cherry-studio	9.7	Critical	2025-10-10
CVE-2025-61927	Happy-DOM has VM Context Escape — happy-dom	9.0^AI	Critical^AI	2025-10-10
CVE-2025-11539	Arbitrary Code Execution in Grafana Image Renderer Plugin — grafana-image-renderer	9.9	Critical	2025-10-09
CVE-2025-61774	PyVista has Dependency Confusion Vulnerability in that leads to RCE — pyvista	9.8^AI	Critical^AI	2025-10-06
CVE-2025-11344	ILIAS Certificate Import code injection — ILIAS	6.3	Medium	2025-10-06
CVE-2025-54374	Eidos: One-click Remote Code Execution through Custom URL Handling — eidos	8.8	High	2025-10-03
CVE-2025-46818	Redis: Authenticated users can execute LUA scripts as a different user — redis	6.0	Medium	2025-10-03
CVE-2025-61590	Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection — cursor	7.5	High	2025-10-03
CVE-2025-59536	Claude Code's startup trust dialog could lead to Command Execution attack — claude-code	8.8^AI	High^AI	2025-10-03
CVE-2025-61588	risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read` — risc0	8.8^AI	High^AI	2025-10-01
CVE-2025-59954	Knowage Contains a Remote Code Execution Vulnerability — Knowage-Server	9.8	-	2025-09-29
CVE-2025-60114	WordPress YayCurrency plugin <= 3.3.1 - Remote Code Execution (RCE) vulnerability — YayCurrency	6.6	Medium	2025-09-26
CVE-2025-10993	MuYuCMS Template Management admin.php code injection — MuYuCMS	4.7	Medium	2025-09-26
CVE-2025-59823	Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning — gardener-extension-provider-aws	7.2^AI	High^AI	2025-09-25
CVE-2025-23354	NVIDIA Megatron-LM 代码注入漏洞 — Megatron-LM	7.8	High	2025-09-24
CVE-2025-23353	NVIDIA Megatron-LM 代码注入漏洞 — Megatron-LM	7.8	High	2025-09-24
CVE-2025-23349	NVIDIA Megatron-LM 代码注入漏洞 — Megatron-LM	7.8	High	2025-09-24
CVE-2025-23348	NVIDIA Megatron-LM 代码注入漏洞 — Megatron-LM	7.8	High	2025-09-24
CVE-2025-5717	Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service — WSO2 API Manager	6.8	Medium	2025-09-23
CVE-2025-9321	WPCasa <= 1.4.1 - Unauthenticated Code Injection — WPCasa	9.8	Critical	2025-09-23
CVE-2025-59528	Flowise has Remote Code Execution vulnerability — Flowise	10.0	Critical	2025-09-22
CVE-2025-58673	WordPress WP User Frontend Plugin <= 4.1.12 - Content Injection Vulnerability — WP User Frontend	5.4	Medium	2025-09-22
CVE-2025-58766	Dyad Vulnerable to Remote Code Execution via Top-level Navigation in Preview Window — dyad	9.1	Critical	2025-09-17
CVE-2025-10057	WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection — WP Import – Ultimate CSV XML Importer for WordPress	8.8	High	2025-09-17
CVE-2025-10394	fcba_zzm ics-park Smart Park Management System Scheduled Task JobController.java code injection — ics-park Smart Park Management System	4.7	Medium	2025-09-14
CVE-2025-59053	AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE — airi	9.7	Critical	2025-09-11
CVE-2025-8417	Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection — Catalog Importer, Scraper & Crawler	8.1	High	2025-09-11

Vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)) represent 1295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295