Weaknesses of type CWE-94
3,737 resultsCVE-2023-36281CRITICALAn issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subcEPSS 2.8%CVE-2018-25114CRITICALosCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code ExecutionEPSS 2.8%CVE-2025-1550HIGHArbitrary Code Execution via Crafted Keras Config for Model LoadingEPSS 2.8%CVE-2024-7627HIGHBit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race ConditionEPSS 2.8%CVE-2022-3383HIGHUltimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-SelectEPSS 2.8%CVE-2024-3105CRITICALWoody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code ExecutionEPSS 2.8%CVE-2023-28706CRITICALApache Airflow Hive Provider Beeline Remote Command ExecutionEPSS 2.8%CVE-2024-36622CRITICALIn RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to EPSS 2.8%CVE-2019-10182HIGHIt was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could tEPSS 2.7%CVE-2022-21831—A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguEPSS 2.7%CVE-2019-15599—A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the EPSS 2.7%CVE-2019-15597—A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.EPSS 2.7%CVE-2019-15598—A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the cEPSS 2.7%CVE-2022-3384HIGHUltimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_optionsEPSS 2.7%CVE-2024-21689HIGHThis High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, aEPSS 2.7%CVE-2017-16151—Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects alEPSS 2.7%CVE-2021-1362HIGHCisco Unified Communications Products Remote Code Execution VulnerabilityEPSS 2.7%CVE-2022-25860HIGHVersions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemotEPSS 2.7%CVE-2025-22906CRITICALRE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.EPSS 2.7%CVE-2006-6975CRITICALPHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a UREPSS 2.7%