Weaknesses of type CWE-94

3,759 results
CVE-2019-2390HIGHCode execution on Windows via OpenSSL engine injectionEPSS 1.0%CVE-2025-66848CRITICALJD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r43EPSS 1.0%CVE-2024-3044MEDIUMGraphic on-click binding allows unchecked script executionEPSS 1.0%CVE-2024-48655HIGHAn issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.EPSS 1.0%CVE-2023-6131HIGHCode Injection in salesagility/suitecrmEPSS 1.0%CVE-2023-4291CRITICALFrauscher FDS101 for FAdC/FAdCi remote code execution vulnerabilityEPSS 1.0%CVE-2023-44846An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.EPSS 1.0%CVE-2022-22985HIGHICSA-22-062-01 IPCOMM ipDIOEPSS 1.0%CVE-2024-29500CRITICALAn issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a CEPSS 1.0%CVE-2025-70830CRITICALA Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackersEPSS 1.0%CVE-2023-25910CRITICALA vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7EPSS 1.0%CVE-2024-46640CRITICALSeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the checkEPSS 1.0%CVE-2024-25293CRITICALmjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.EPSS 1.0%CVE-2023-3656CRITICALUnauthenticated Remote Code ExecutionEPSS 1.0%CVE-2024-25202MEDIUMCross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary EPSS 1.0%CVE-2024-50658CRITICALServer-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBillEPSS 1.0%CVE-2025-1087CRITICALArbitrary Code Execution in Kong Insomnia Desktop ApplicationEPSS 1.0%CVE-2021-22952A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to EPSS 1.0%CVE-2025-26014CRITICALA Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.EPSS 1.0%CVE-2024-37273CRITICALAn arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code viaEPSS 1.0%