Weaknesses of type CWE-94
3,760 resultsCVE-2026-45495HIGHMicrosoft Edge (Chromium-based) Remote Code Execution VulnerabilityEPSS 1.0%CVE-2024-12215HIGHRemote Code Execution in kedro-org/kedroEPSS 1.0%CVE-2025-50707CRITICALAn issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php componentEPSS 1.0%CVE-2025-50706CRITICALAn issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck functionEPSS 1.0%CVE-2023-46243CRITICALCode execution via the edit action in XWiki platformEPSS 1.0%CVE-2023-43958CRITICALAn arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows aEPSS 1.0%CVE-2025-0185HIGHPandas Query Injection in langgenius/difyEPSS 1.0%CVE-2023-36258—An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be uEPSS 1.0%CVE-2017-20086MEDIUMVaultPress Plugin code injectionEPSS 1.0%CVE-2025-52385CRITICALAn issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process moEPSS 1.0%CVE-2026-41044HIGHApache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by JolokiaEPSS 1.0%CVE-2024-53604CRITICALA SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which alEPSS 1.0%CVE-2021-38450CRITICALTrane Tracer Code InjectionEPSS 1.0%CVE-2025-46191CRITICALArbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to uplEPSS 1.0%CVE-2024-6602CRITICALMemory corruption in NSSEPSS 1.0%CVE-2026-43997CRITICALvm2: Sandbox EscapeEPSS 1.0%CVE-2025-48984HIGHA vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.EPSS 1.0%CVE-2023-23645CRITICALWordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution VulnerabilityEPSS 1.0%CVE-2022-24915HIGHICSA-22-062-01 IPCOMM ipDIOEPSS 1.0%CVE-2014-10065—Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing forEPSS 1.0%