Weaknesses of type CWE-94

3,777 results
CVE-2025-2207 | MEDIUM | aitangbao springboot-manager dept cross site scripting | EPSS 0.5%
CVE-2024-11678 | MEDIUM | CodeAstro Hospital Management System his_doc_register_patient.php cross site scripting | EPSS 0.5%
CVE-2024-11675 | MEDIUM | CodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scripting | EPSS 0.5%
CVE-2025-1742 | MEDIUM | pihome-shc PiHome home.php cross site scripting | EPSS 0.5%
CVE-2025-2208 | MEDIUM | aitangbao springboot-manager Filename upload cross site scripting | EPSS 0.5%
CVE-2025-30085 | CRITICAL | Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla | EPSS 0.5%
CVE-2024-12893 | MEDIUM | Portabilis i-Educar Tipo de Usuário Page 2 cross site scripting | EPSS 0.5%
CVE-2025-2787 | HIGH | Ingress-nginx vulnerability in KNIME Business Hub | EPSS 0.5%
CVE-2026-37637 | CRITICAL | An issue in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component | EPSS 0.5%
CVE-2025-0530 | MEDIUM | code-projects Job Recruitment _feedback_system.php cross site scripting | EPSS 0.5%
CVE-2026-36418 | CRITICAL | JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/e | EPSS 0.5%
CVE-2025-8221 | MEDIUM | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsCustController.java goodsSearch cross site scripting | EPSS 0.5%
CVE-2024-54448 | HIGH | Remote Code Execution (RCE) via Automation Scripting | EPSS 0.5%
CVE-2025-11344 | MEDIUM | ILIAS Certificate Import code injection | EPSS 0.5%
CVE-2026-6543 | HIGH | Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint | EPSS 0.5%
CVE-2025-29629 | CRITICAL | Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak defa | EPSS 0.5%
CVE-2026-22390 | CRITICAL | WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Remote Code Execution (RCE) vulnerability | EPSS 0.5%
CVE-2025-25507 | MEDIUM | There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote comman | EPSS 0.5%
CVE-2025-65854 | CRITICAL | Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full acco | EPSS 0.5%
CVE-2026-25776 | CRITICAL | Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script | EPSS 0.5%