Weaknesses of type CWE-94
3,778 resultsCVE-2024-12982MEDIUMPHPGurukul Blood Bank & Donor Management System update-contactinfo.php cross site scriptingEPSS 0.4%CVE-2025-3984LOWApereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injectionEPSS 0.4%CVE-2024-13017MEDIUMPHPGurukul Maid Hiring Management System About Us Page aboutus.php cross site scriptingEPSS 0.4%CVE-2025-67034HIGHAn issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleEPSS 0.4%CVE-2024-13192MEDIUMZeroWdd myblog BlogController.java update cross site scriptingEPSS 0.4%CVE-2024-8258LOWInsecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOSEPSS 0.4%CVE-2026-41507CRITICALRemote Code Execution (RCE) via String Literal Injection into math-codegenEPSS 0.4%CVE-2024-12232MEDIUMcode-projects Simple CRUD Functionality index.php cross site scriptingEPSS 0.4%CVE-2025-68278HIGHtinacms vulnerable to arbitrary code executionEPSS 0.4%CVE-2024-13197MEDIUMdonglight bookstore电商书城系统说明 AdminUserControlle.java updateUser cross site scriptingEPSS 0.4%CVE-2026-49143HIGHBrowserStack Runner 0.9.5 Unauthenticated RCE via /_log HTTP HandlerEPSS 0.4%CVE-2025-14691MEDIUMMayan EDMS authentication cross site scriptingEPSS 0.4%CVE-2024-28699HIGHA buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDevEPSS 0.4%CVE-2026-21657HIGHJohnson Controls -Frick Quantum HD- Unauthenticated Remote Code ExecutionEPSS 0.4%CVE-2026-5584MEDIUMFosowl agenticSeek query Endpoint PyInterpreter.py PyInterpreter.execute code injectionEPSS 0.4%CVE-2026-21656HIGHJohnson Controls -Frick Quantum HD- Unauthenticated Remote Code ExecutionEPSS 0.4%CVE-2025-14166MEDIUMWPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code InjectionEPSS 0.4%CVE-2024-12844MEDIUMEmlog Pro store.php cross site scriptingEPSS 0.4%CVE-2023-6601MEDIUMFfmpeg: hls unsafe file extension bypass in ffmpegEPSS 0.4%CVE-2026-38431CRITICALERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email temEPSS 0.4%