Weaknesses of type CWE-94

3,719 results
CVE-2022-22947 (CRITICAL, EPSS 98.3%, KEV): In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuat
CVE-2023-6553 (CRITICAL, EPSS 97.8%): Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
CVE-2024-9264 (CRITICAL, EPSS 97.8%): Grafana SQL Expressions allow for remote code execution
CVE-2024-56145 (CRITICAL, EPSS 97.4%, KEV): RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
CVE-2023-0297 (CRITICAL, EPSS 97.0%): Code Injection in pyload/pyload
CVE-2023-33246 (CRITICAL, EPSS 96.6%, KEV): Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
CVE-2026-34197 (HIGH, EPSS 96.3%, KEV): Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
CVE-2018-1273 (CRITICAL, EPSS 95.6%, KEV): Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerabilit
CVE-2023-49070 (EPSS 95.4%): Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present
CVE-2009-1151 (CRITICAL, EPSS 95.4%, KEV): Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inje
CVE-2025-54068 (CRITICAL, EPSS 95.4%, KEV): Livewire vulnerable to remote command execution during property update hydration
CVE-2019-7609 (CRITICAL, EPSS 95.3%, KEV): Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the
CVE-2023-25717 (CRITICAL, EPSS 95.1%, KEV): Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin
CVE-2017-9822 (HIGH, EPSS 94.8%, KEV): DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN site
CVE-2019-10173 (HIGH, EPSS 94.8%): It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security fram
CVE-2024-45507 (HIGH, EPSS 93.2%): Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
CVE-2023-41892 (CRITICAL, EPSS 92.9%): Craft CMS Remote Code Execution vulnerability
CVE-2020-8243 (HIGH, EPSS 90.8%, KEV): A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to
CVE-2025-59528 (CRITICAL, EPSS 90.2%): Flowise has Remote Code Execution vulnerability
CVE-2023-37582 (CRITICAL, EPSS 90.0%): Apache RocketMQ: Possible remote code execution when using the update configuration function