Weaknesses of type CWE-94

3,777 results
CVE-2026-9170CRITICALIBM HTTP Server is affected by multiple vulnerabilitiesEPSS 0.5%CVE-2025-68952CRITICAL1-click Remote Code Execution (RCE) vulnerability in EigentEPSS 0.5%CVE-2025-24677CRITICALWordPress Post/Page Copying Tool to Export and Import post/page for Cross site Migration Plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerabilityEPSS 0.5%CVE-2026-3395MEDIUMMaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injectionEPSS 0.5%CVE-2025-2361MEDIUMMercurial SCM Web Interface cross site scriptingEPSS 0.5%CVE-2024-11175MEDIUMPublic CMS Voting Management save cross site scriptingEPSS 0.5%CVE-2023-51820MEDIUMAn issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code.EPSS 0.5%CVE-2025-13786MEDIUMtaosir WTCMS index.php fetch code injectionEPSS 0.5%CVE-2025-45752HIGHA vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functiEPSS 0.5%CVE-2025-61590HIGHCursor is vulnerable to RCE via .code-workspace files using Prompt InjectionEPSS 0.5%CVE-2026-29039HIGHchangedetection.io: XPath - Arbitrary File Read via unparsed-text()EPSS 0.5%CVE-2024-7218MEDIUMSourceCodester/Campcodes School Log Management System ajax.php cross site scriptingEPSS 0.5%CVE-2024-13814MEDIUMGlobal Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2025-60206CRITICALWordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerabilityEPSS 0.5%CVE-2025-46725HIGHLangroid has a Code Injection vulnerability in LanceDocChatAgent through vector_storeEPSS 0.5%CVE-2025-66481CRITICALDeepChat's Incomplete XSS Fix Allows RCE through Mermaid ContentEPSS 0.5%CVE-2024-8254MEDIUMEmail Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2025-1155MEDIUMWebkul QloApps Your Location Search stores cross site scriptingEPSS 0.5%CVE-2025-14324CRITICALJIT miscompilation in the JavaScript Engine: JIT componentEPSS 0.5%CVE-2026-41246HIGHContour: Lua code injection via Cookie Path Rewrite PolicyEPSS 0.5%