Weaknesses of type CWE-94
3,779 resultsCVE-2025-14729MEDIUMCTCMS Content Management System Backend App Configuration Ct_App.php save code injectionEPSS 0.4%CVE-2025-0576MEDIUMMobotix M15 player cross site scriptingEPSS 0.4%CVE-2025-8346MEDIUMPortabilis i-Educar educar_aluno_lst.php cross site scriptingEPSS 0.4%CVE-2026-28797HIGHRAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" ComponentEPSS 0.4%CVE-2025-10032MEDIUMCampcodes Grocery Sales and Inventory System index.php cross site scriptingEPSS 0.4%CVE-2025-14730MEDIUMCTCMS Content Management System Backend System Configuration Ct_Config.php code injectionEPSS 0.4%CVE-2023-51324MEDIUMPHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. ThEPSS 0.4%CVE-2026-33334MEDIUMVikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegrationEPSS 0.4%CVE-2024-9285MEDIUMTu Yafeng Via Browser Javascript Bridge cross site scriptingEPSS 0.4%CVE-2025-5138MEDIUMBitwarden PDF File cross site scriptingEPSS 0.4%CVE-2025-10330MEDIUMcdevroe unmark searchform.php cross site scriptingEPSS 0.4%CVE-2023-51317MEDIUMPHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_codeEPSS 0.4%CVE-2024-12783MEDIUMitsourcecode Vehicle Management System billaction.php cross site scriptingEPSS 0.4%CVE-2025-62023CRITICALWordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerabilityEPSS 0.4%CVE-2026-37711HIGHAn issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/EPSS 0.4%CVE-2026-44016HIGHDocling: Unsafe Playwright-based HTML RenderingEPSS 0.4%CVE-2026-37713HIGHAn issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/EPSS 0.4%CVE-2026-37712HIGHAn issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/EPSS 0.4%CVE-2024-6950MEDIUMPrain HTTP POST Request ?import code injectionEPSS 0.4%CVE-2026-33608HIGHIncomplete domain name sanitization duringEPSS 0.4%