CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-53419	COMMGR Code Injection Vulnerability — COMMGR	7.8	High	2025-08-26
CVE-2025-57772	Dataease H2 JDBC RCE Bypass — dataease	9.1^AI	Critical^AI	2025-08-25
CVE-2010-20120	Maple <= v13 Maplet File Creation and Command Execution — Maple	7.8^AI	High^AI	2025-08-21
CVE-2025-30975	WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution vulnerability — Add Custom Codes	7.5	High	2025-08-20
CVE-2025-48169	WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability — Code Engine	9.9	Critical	2025-08-20
CVE-2025-53577	WordPress Global DNS Plugin <= 3.1.0 - Remote Code Execution (RCE) Vulnerability — Global DNS	10.0	Critical	2025-08-20
CVE-2025-54019	WordPress Alone < 7.8.5 - Arbitrary Code Execution Vulnerability — Alone	6.5	Medium	2025-08-20
CVE-2025-55733	DeepChat One-click Remote Code Execution through Custom URL Handling — deepchat	9.7	Critical	2025-08-19
CVE-2025-8723	Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook — Cloudflare Image Resizing – Optimize & Accelerate Your Images	9.8	Critical	2025-08-19
CVE-2025-8105	Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution — Soledad	7.3	High	2025-08-16
CVE-2025-8878	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	6.5	Medium	2025-08-16
CVE-2025-7961	KAP 3.6.0 - TCC Bypass — KAP	9.8^AI	Critical^AI	2025-08-15
CVE-2025-54466	Apache OFBiz: RCE Vulnerability in scrum plugin — Apache OFBiz	9.8^AI	Critical^AI	2025-08-15
CVE-2025-8905	Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call — Inpersttion For Theme	6.3	Medium	2025-08-15
CVE-2025-55192	HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow — HomeAssistant-Tapo-Control	8.8^AI	High^AI	2025-08-14
CVE-2025-39483	WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability — Eventer	6.5	Medium	2025-08-14
CVE-2025-49887	WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability — Product XML Feed Manager for WooCommerce	9.9	Critical	2025-08-14
CVE-2025-55346	Unintended dynamic code execution leads to remote code execution by network attackers	9.8	Critical	2025-08-14
CVE-2011-10011	WeBid 1.0.2 converter.php Remote PHP Code Injection — WeBid	9.8^AI	Critical^AI	2025-08-13
CVE-2011-10013	Traq 2.0–2.3 admincp/common.php RCE — Issue Tracking System	9.8^AI	Critical^AI	2025-08-13
CVE-2011-10019	Spreecommerce < 0.60.2 Search Parameter RCE — Spreecommerce	9.8^AI	Critical^AI	2025-08-13
CVE-2025-23306	NVIDIA Megatron-LM 代码注入漏洞 — Megatron-LM	7.8	High	2025-08-13
CVE-2025-23305	NVIDIA Megatron-LM 代码注入漏洞 — Megatron-LM	7.8	High	2025-08-13
CVE-2025-23298	NVIDIA Merlin Transformers4Rec 代码注入漏洞 — NVIDIA Merlin Transformers4Rec	7.8	High	2025-08-13
CVE-2025-23296	NVIDIA Isaac-GR00T 代码注入漏洞 — NVIDIA Isaac-GR00T N1	7.8	High	2025-08-13
CVE-2025-23295	NVIDIA Apex 代码注入漏洞 — NVIDIA Apex	7.8	High	2025-08-13
CVE-2025-42957	Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise) — SAP S/4HANA (Private Cloud or On-Premise)	9.9	Critical	2025-08-12
CVE-2025-42950	Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform) — SAP Landscape Transformation (Analysis Platform)	9.9	Critical	2025-08-12
CVE-2025-42945	HTML Injection vulnerability in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAP	6.1	Medium	2025-08-12
CVE-2025-54063	Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling — cherry-studio	8.0	High	2025-08-11

Vulnerabilities classified as CWE-94 (对生成代码的控制不恰当(代码注入)) represent 1295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-94 (对生成代码的控制不恰当(代码注入)) — Vulnerability Class 1295