Vulnerabilities of type CWE-94

3719 results
CVE-2021-22900 | HIGH | A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administra | EPSS 14.1% | KEV
CVE-2025-8723 | CRITICAL | Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook | EPSS 14.0%
CVE-2025-54466 | MEDIUM | Apache OFBiz: RCE Vulnerability in scrum plugin | EPSS 14.0%
CVE-2023-46818 | HIGH | An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_al | EPSS 13.9%
CVE-2024-42756 | HIGH | An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page | EPSS 13.5%
CVE-2009-4491 | CRITICAL | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's | EPSS 13.5%
CVE-2024-58258 | HIGH | SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur. | EPSS 13.2%
CVE-2025-49132 | CRITICAL | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution | EPSS 13.1%
CVE-2023-41724 | CRITICAL | A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the | EPSS 12.8%
CVE-2021-22053 | | Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted | EPSS 12.7%
CVE-2025-8155 | MEDIUM | D-Link DCS-6010L Management Application vb.htm cross site scripting | EPSS 12.7%
CVE-2024-28253 | CRITICAL | SpEL Injection in `PUT /api/v1/policies` in OpenMetadata | EPSS 12.5%
CVE-2024-9593 | HIGH | Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution | EPSS 12.5%
CVE-2026-45829 | CRITICAL | A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attack | EPSS 12.4%
CVE-2025-32583 | CRITICAL | WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability | EPSS 12.2%
CVE-2025-12762 | CRITICAL | Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) | EPSS 12.0%
CVE-2025-23121 | CRITICAL | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user | EPSS 11.6%
CVE-2024-54780 | HIGH | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due | EPSS 11.6%
CVE-2024-52765 | CRITICAL | H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. | EPSS 11.2%
CVE-2024-21378 | HIGH | Microsoft Outlook Remote Code Execution Vulnerability | EPSS 11.1%