Weaknesses of type CWE-94
3,775 results

CVE-2024-13205 | MEDIUM | kurniaramadhan E-Commerce-PHP Create Product Page create_product.php cross site scripting | EPSS 0.5%
CVE-2026-30117 | CRITICAL | scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url query parameter of the Scalar Pr | EPSS 0.5%
CVE-2024-53920 | HIGH | In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs L | EPSS 0.5%
CVE-2025-53836 | CRITICAL | XWiki Rendering is vulnerable to RCE attacks when processing nested macros | EPSS 0.5%
CVE-2024-12983 | MEDIUM | code-projects Hospital Management System Edit Doctor Details Page manage-doctors.php cross site scripting | EPSS 0.5%
CVE-2026-58454 | HIGH | JAIOTlink C492A-W6 4.8.30.57701411 RCE via /Anyka/config Endpoint | EPSS 0.5%
CVE-2024-37405 | MEDIUM | Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHist | EPSS 0.5%
CVE-2025-3982 | MEDIUM | nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution | EPSS 0.5%
CVE-2021-33693 | MEDIUM | SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that coul | EPSS 0.5%
CVE-2025-59053 | CRITICAL | AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE | EPSS 0.5%
CVE-2025-51387 | CRITICAL | The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following in | EPSS 0.5%
CVE-2026-56264 | CRITICAL | Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint | EPSS 0.5%
CVE-2026-46850 | CRITICAL | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code). The supported version that is affected is 2026.2. | EPSS 0.5%
CVE-2024-43393 | HIGH | Phoenix Contact: Configuration changes of the firewall services can lead to DoS in MGUARD devices | EPSS 0.5%
CVE-2024-40489 | CRITICAL | There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute | EPSS 0.5%
CVE-2024-43389 | HIGH | Phoenix Contact: OSPF reconfiguration due to improper input validation in MGUARD devices | EPSS 0.5%
CVE-2024-43391 | HIGH | Phoenix Contact: Firewall reconfiguration through the FW_PORTFORWARDING.SRC_IP in MGUARD devices | EPSS 0.5%
CVE-2024-43390 | HIGH | Phoenix Contact: Firewall reconfiguration due to improper input validation in MGUARD devices | EPSS 0.5%
CVE-2024-43392 | HIGH | Phoenix Contact: Firewall reconfiguration through the FW_environment variables in MGUARD devices | EPSS 0.5%
CVE-2025-66222 | CRITICAL | DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE) | EPSS 0.5%