CWE-94 (Improper Control of Generation of Code ('Code Injection')) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-33233 | NVIDIA Merlin Transformers4Rec code injection vulnerability — Merlin Transformers4Rec | 7.8 | High | 2026-01-20 |
| CVE-2026-23852 | SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute — siyuan | 8.2 (AI) | High (AI) | 2026-01-19 |
| CVE-2026-23733 | Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE) — lobe-chat | 6.4 | Medium | 2026-01-18 |
| CVE-2026-23742 | Skipper arbitrary code execution through lua filters — skipper | 8.8 | High | 2026-01-16 |
| CVE-2026-23523 | Dive allows One-click Remote Code Execution through Deep Links for MCP Install — Dive | 9.7 | Critical | 2026-01-16 |
| CVE-2025-64691 | AVEVA Process Optimization Code Injection — Process Optimization | 8.8 | High | 2026-01-16 |
| CVE-2025-61937 | AVEVA Process Optimization Code Injection — Process Optimization | 10.0 | Critical | 2026-01-16 |
| CVE-2026-23498 | Shopware Improper Control of Generation of Code in Twig rendered views — shopware | 7.2 | High | 2026-01-14 |
| CVE-2022-50806 | 4images 1.9 - Remote Command Execution (RCE) — 4images | 7.2 | High | 2026-01-13 |
| CVE-2026-22869 | Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow — eigent | 8.8 (AI) | High (AI) | 2026-01-13 |
| CVE-2025-41717 | Config-Upload Code Injection — TC ROUTER 3002T-3G | 8.8 | High | 2026-01-13 |
| CVE-2026-0500 | Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation) — SAP Wily Introscope Enterprise Manager (WorkStation) | 9.6 | Critical | 2026-01-13 |
| CVE-2026-0498 | Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise) — SAP S/4HANA (Private Cloud and On-Premise) | 9.1 | Critical | 2026-01-13 |
| CVE-2026-0491 | Code Injection vulnerability in SAP Landscape Transformation — SAP Landscape Transformation | 9.1 | Critical | 2026-01-13 |
| CVE-2026-22771 | Envoy Extension Policy lua scripts injection causes arbitrary command execution — gateway | 8.8 | High | 2026-01-12 |
| CVE-2026-22584 | Salesforce Uni2TS security vulnerability — Uni2TS | 9.8 | - | 2026-01-09 |
| CVE-2020-36875 | AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution — AccessAlly | 9.8 | - | 2026-01-09 |
| CVE-2026-21877 | n8n is vulnerable to Remote Code Execution via Arbitrary File Write — n8n | 10.0 | Critical | 2026-01-08 |
| CVE-2025-55204 | muffon has One-click Remote Code Execution via XSS and Custom URL Handling — muffon | 8.8 | High | 2026-01-05 |
| CVE-2025-11837 | Malware Remover — Malware Remover | 9.8 | - | 2026-01-02 |
| CVE-2025-68619 | Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package — signalk-server | 9.1 | - | 2026-01-01 |
| CVE-2025-15394 | iCMS POST Parameter ConfigAdmincp.php save code injection — iCMS | 4.7 | Medium | 2025-12-31 |
| CVE-2025-15393 | Kohana KodiCMS Layout API Endpoint file.php save code injection — KodiCMS | 6.3 | Medium | 2025-12-31 |
| CVE-2025-15250 | 08CMS Novel System Template mtpls.inc.php code injection — Novel System | 4.7 | Medium | 2025-12-30 |
| CVE-2025-14509 | Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags — Lucky Wheel for WooCommerce – Spin a Sale | 7.2 | High | 2025-12-30 |
| CVE-2025-13592 | Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode — Advanced Ads – Ad Manager & AdSense | 7.2 | High | 2025-12-29 |
| CVE-2025-68897 | WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability — IF AS Shortcode | 9.9 | Critical | 2025-12-29 |
| CVE-2025-15148 | CmsEasy Backend Template Management template_admin.php savetemp_action code injection — CmsEasy | 4.7 | Medium | 2025-12-28 |
| CVE-2025-15130 | shanyu SyCms Administrative Panel FileManageController.class.php addPost code injection — SyCms | 4.7 | Medium | 2025-12-28 |
| CVE-2025-15129 | ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection — Lin-CMS-TP5 | 6.3 | Medium | 2025-12-28 |

Vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')) represent 1295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.