Weaknesses of type CWE-94

3,777 results
CVE-2025-15540HIGHAuthenticated RCE in Raytha CMSEPSS 0.5%CVE-2026-50880CRITICALAn issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crEPSS 0.5%CVE-2026-28505HIGHTautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist checkEPSS 0.5%CVE-2019-3695HIGHpcp: Local privilege escalation from user pcp to rootEPSS 0.5%CVE-2026-45583HIGHMicrosoft Exchange Server Remote Code Execution VulnerabilityEPSS 0.5%CVE-2024-46639HIGHA cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payloEPSS 0.5%CVE-2026-45697CRITICALFormie: Pre-authenticated server-side template injection in Hidden fieldsEPSS 0.5%CVE-2024-31648MEDIUMCross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a craftEPSS 0.5%CVE-2023-24333HIGHA stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary comEPSS 0.5%CVE-2026-23742HIGHSkipper arbitrary code execution through lua filtersEPSS 0.5%CVE-2026-25856HIGHOpenBullet2 0.3.2 Authenticated RCE via Job Configuration InterfaceEPSS 0.5%CVE-2024-38990MEDIUMTada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to EPSS 0.5%CVE-2026-41486HIGHRay: Remote Code Execution via Parquet Arrow Extension Type DeserializationEPSS 0.5%CVE-2026-53576CRITICALKestra: Unauthenticated RCE via /configs path-suffix auth-filter bypassEPSS 0.5%CVE-2025-30085CRITICALExtension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for JoomlaEPSS 0.5%CVE-2024-11678MEDIUMCodeAstro Hospital Management System his_doc_register_patient.php cross site scriptingEPSS 0.5%CVE-2024-11675MEDIUMCodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scriptingEPSS 0.5%CVE-2023-27986HIGHemacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescapedEPSS 0.5%CVE-2024-56327HIGHMalicious plugin names, recipients, or identities can cause arbitrary binary execution in pyrageEPSS 0.5%CVE-2026-43898CRITICALSandboxJS: Sandbox escape via Function.caller leakage of internal call opEPSS 0.5%