CWE-94 (Improper Control of Generation of Code ('Code Injection')) — Vulnerability Class 1295

1295 vulnerabilities classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68952 | 1-click Remote Code Execution (RCE) vulnerability in Eigent — eigent | 9.6 | - | 2025-12-27 |
| CVE-2025-13773 | Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution — Print Invoice & Delivery Notes for WooCommerce | 9.8 | Critical | 2025-12-24 |
| CVE-2025-14928 | Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability — Transformers | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14926 | Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability — Transformers | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14927 | Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability — Transformers | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2021-47736 | CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing — CMSimple_XH | 7.2 | High | 2025-12-23 |
| CVE-2021-47735 | CMSimple 5.4 Authenticated Remote Code Execution via Template Editing — Cmsimple | 8.8 | High | 2025-12-23 |
| CVE-2025-66580 | Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution — Dive | 9.7 | Critical | 2025-12-19 |
| CVE-2025-34433 | AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt — AVideo | 9.8 (AI) | Critical (AI) | 2025-12-19 |
| CVE-2025-65037 | Azure Container Apps Remote Code Execution Vulnerability — Azure Container Apps | 10.0 | Critical | 2025-12-18 |
| CVE-2023-53940 | Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File — Codigo Markdown Editor | 7.8 | High | 2025-12-18 |
| CVE-2025-68278 | tinacms vulnerable to arbitrary code execution — tinacms | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-66078 | WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability — Hotel Booking Lite | 9.1 | Critical | 2025-12-18 |
| CVE-2025-60070 | WordPress Molla - Multipurpose Responsive Shopify theme <= 1.5.13 - Arbitrary Code Execution vulnerability — Molla | 6.5 | Medium | 2025-12-18 |
| CVE-2025-60068 | WordPress Javo Core plugin <= 3.0.0.266 - Arbitrary Code Execution vulnerability — Javo Core | 6.5 | Medium | 2025-12-18 |
| CVE-2025-14856 | y_project RuoYi getnames code injection — RuoYi | 6.3 | Medium | 2025-12-18 |
| CVE-2025-14837 | ZZCMS Backend Website Settings siteconfig.php stripfxg code injection — ZZCMS | 4.7 | Medium | 2025-12-17 |
| CVE-2025-62521 | ChurchCRM has unauthenticated RCE in its Install Wizard — CRM | 10.0 | Critical | 2025-12-17 |
| CVE-2025-67744 | Mermaid XSS vulnerability leads to Remote Code Execution — deepchat | 9.7 | Critical | 2025-12-16 |
| CVE-2025-14730 | CTCMS Content Management System Backend System Configuration Ct_Config.php code injection — Content Management System | 4.7 | Medium | 2025-12-15 |
| CVE-2025-14729 | CTCMS Content Management System Backend App Configuration Ct_App.php save code injection — Content Management System | 4.7 | Medium | 2025-12-15 |
| CVE-2023-53888 | Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation — Zomplog | 8.8 (AI) | High (AI) | 2025-12-15 |
| CVE-2023-53883 | Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation — Webedition CMS | 8.8 (AI) | High (AI) | 2025-12-15 |
| CVE-2025-14539 | Shortcode Loader <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter — Shortcode Ajax | 5.4 | Medium | 2025-12-13 |
| CVE-2025-67750 | Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule — lightning-flow-scanner | 8.4 | High | 2025-12-12 |
| CVE-2025-12843 | Code Injection in Wave Term v0.12.2 allowing TCC Bypass — waveterm | 8.4 | - | 2025-12-12 |
| CVE-2025-67727 | Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management — parse-server | 9.8 (AI) | Critical (AI) | 2025-12-12 |
| CVE-2025-14166 | WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection — WPMasterToolKit (WPMTK) – All in one plugin | 5.3 | Medium | 2025-12-12 |
| CVE-2025-67509 | MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write — neuron-ai | 8.2 | High | 2025-12-10 |
| CVE-2024-58284 | PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings — PopojiCMS | 7.2 (AI) | High (AI) | 2025-12-10 |

1295 CVEs are classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.