Weaknesses of type CWE-94

3,781 results
CVE-2025-67035CRITICALAn issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilEPSS 0.3%CVE-2025-10411MEDIUMitsourcecode E-Logbook with Health Monitoring System for COVID-19 POST Request check_profile.php cross site scriptingEPSS 0.3%CVE-2025-11946MEDIUMLogicalDOC Community Edition Add Contact frontend.jsp cross site scriptingEPSS 0.3%CVE-2025-2699MEDIUMGetmeUK ContentTools Image cross site scriptingEPSS 0.3%CVE-2025-15223MEDIUMPhilipinho Simple-PHP-Blog login.php cross site scriptingEPSS 0.3%CVE-2025-2084MEDIUMPHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scriptingEPSS 0.3%CVE-2026-3409MEDIUMeosphoros-ai db-gpt Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injectionEPSS 0.3%CVE-2025-9796MEDIUMthinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scriptingEPSS 0.3%CVE-2024-28811LOWAn issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications containeEPSS 0.3%CVE-2026-13558MEDIUMCodeAstro Complaint Management System Report addreport cross site scriptingEPSS 0.3%CVE-2026-55570CRITICALSiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)EPSS 0.3%CVE-2026-49493HIGHMarkdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()EPSS 0.3%CVE-2025-6473MEDIUMcode-projects School Fees Payment System fees.php cross site scriptingEPSS 0.3%CVE-2026-31236CRITICALThe llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is inEPSS 0.3%CVE-2025-5886MEDIUMEmlog article.php cross site scriptingEPSS 0.3%CVE-2025-6569MEDIUMcode-projects School Fees Payment System student.php cross site scriptingEPSS 0.3%CVE-2025-9143MEDIUMScada-LTS mailing_lists.shtm cross site scriptingEPSS 0.3%CVE-2024-4261MEDIUMResponsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.3%CVE-2026-25125MEDIUMOctober CMS: Environment Variable Exfiltration via INI Parser InterpolationEPSS 0.3%CVE-2025-2086MEDIUMStarSea99 starsea-mall update cross site scriptingEPSS 0.3%