Weaknesses of type CWE-94
3,766 resultsCVE-2024-45798CRITICALMultiple Poisoned Pipeline Execution (PPE) vulnerabilitiesEPSS 0.8%CVE-2024-39071CRITICALFujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.EPSS 0.8%CVE-2024-39669CRITICALIn the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly executeEPSS 0.8%CVE-2022-38946CRITICALArbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary codEPSS 0.8%CVE-2026-27497CRITICALn8n has Potential Remote Code Execution via Merge NodeEPSS 0.8%CVE-2025-13592HIGHAdvanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via ShortcodeEPSS 0.8%CVE-2026-42238CRITICALUnauthenticated Remote Code Execution via Backup Restore in nginx-uiEPSS 0.8%CVE-2025-9321CRITICALWPCasa <= 1.4.1 - Unauthenticated Code InjectionEPSS 0.8%CVE-2024-11697HIGHWhen handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialogEPSS 0.8%CVE-2026-27745HIGHSPIP interface_traduction_objets < 2.2.2 Authenticated RCEEPSS 0.8%CVE-2025-12813CRITICALHoliday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents'EPSS 0.8%CVE-2021-47735HIGHCMSimple 5.4 Authenticated Remote Code Execution via Template EditingEPSS 0.8%CVE-2024-37821HIGHAn arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitraEPSS 0.8%CVE-2023-49001CRITICALAn issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.eEPSS 0.8%CVE-2025-30013MEDIUMCode Injection vulnerability in SAP ERP BW Business ContentEPSS 0.8%CVE-2024-52786CRITICALAn authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a EPSS 0.8%CVE-2019-25468CRITICALNetGain EM Plus 10.1.68 Remote Code Execution via script_test.jspEPSS 0.8%CVE-2024-51367CRITICALAn arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrEPSS 0.8%CVE-2022-3721HIGH Code Injection in froxlor/froxlorEPSS 0.8%CVE-2024-31380CRITICALWordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerabilityEPSS 0.8%