Weaknesses of type CWE-94

3,799 results
CVE-2026-10688MEDIUMahujasid blender-mcp server.py execute_blender_code code injectionEPSS 0.2%CVE-2025-24959LOWEnvironment Variable Injection for dotenv API in zxEPSS 0.2%CVE-2024-39289HIGHUnsafe use of eval() method in rosparam toolEPSS 0.2%CVE-2025-33204HIGHNVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker EPSS 0.2%CVE-2026-1146MEDIUMSourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_register_patient.php cross site scriptingEPSS 0.2%CVE-2025-12669MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.2%CVE-2024-39835HIGHUnsafe use of eval() method in roslaunch toolEPSS 0.2%CVE-2026-24248HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exEPSS 0.2%CVE-2025-33236HIGHNVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit EPSS 0.2%CVE-2025-27998HIGHAn issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.EPSS 0.2%CVE-2026-54074HIGH@tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labelsEPSS 0.2%CVE-2026-3476HIGHCode Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026EPSS 0.2%CVE-2026-34725HIGHdbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configurationEPSS 0.2%CVE-2026-0414MEDIUMInsufficient Input Validation Allows Unauthorized Modification of Router Software in certain NETGEAR RoutersEPSS 0.2%CVE-2026-27675LOWCode Injection vulnerability in SAP Landscape TransformationEPSS 0.2%CVE-2025-0664MEDIUMA locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrarEPSS 0.2%CVE-2023-53940HIGHCodigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown FileEPSS 0.2%CVE-2026-54057HIGHKitty vulnerable to command injection via unsanitized OSC 21 query replyEPSS 0.2%CVE-2025-67750HIGHLightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion RuleEPSS 0.2%CVE-2026-24249HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%