Weaknesses of type CWE-94
3,719 results

CVE-2026-3300 | CRITICAL | Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field | EPSS 41.0%
CVE-2022-0661 | — | Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE | EPSS 40.6%
CVE-2022-37155 | HIGH | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | EPSS 40.0%
CVE-2026-29014 | CRITICAL | MetInfo CMS Unauthenticated PHP Code Injection RCE | EPSS 39.7%
CVE-2024-53944 | CRITICAL | An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M762 | EPSS 39.2%
CVE-2025-2945 | CRITICAL | pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment | EPSS 39.1%
CVE-2024-7094 | CRITICAL | JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution | EPSS 37.9%
CVE-2023-20209 | MEDIUM | A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) cou | EPSS 37.9%
CVE-2009-1547 | HIGH | Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a c | EPSS 37.4%
CVE-2024-43363 | HIGH | Remote code execution via Log Poisoning in Cacti | EPSS 35.8%
CVE-2024-37084 | CRITICAL | CVE-2024-37084: Remote code execution in Spring Cloud Data Flow | EPSS 35.2%
CVE-2024-32030 | HIGH | Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI | EPSS 34.1%
CVE-2026-27966 | CRITICAL | Langflow has Remote Code Execution in CSV Agent | EPSS 33.7%
CVE-2022-40871 | CRITICAL | Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr | EPSS 33.4%
CVE-2024-29276 | CRITICAL | An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDes | EPSS 32.8%
CVE-2020-8218 | HIGH | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code e | EPSS 32.7% | KEV
CVE-2013-3129 | HIGH | Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, | EPSS 32.4%
CVE-2023-0048 | HIGH | Code Injection in lirantal/daloradius | EPSS 32.3%
CVE-2009-2512 | CRITICAL | The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the head | EPSS 31.2%
CVE-2021-29440 | HIGH | Twig allowing dangerous PHP functions by default | EPSS 30.6%