Fallos del tipo CWE-94

3775 resultados
CVE-2025-67164CRITICALAn authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arEPSS 0.4%CVE-2025-9334HIGHBetter Find and Replace <= 1.7.7 - Authenticated (Subscriber+) Limited Code InjectionEPSS 0.4%CVE-2024-46960HIGHThe ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to executEPSS 0.4%CVE-2024-12419MEDIUMDesign for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site ScriptingEPSS 0.4%CVE-2025-0348MEDIUMCampCodes DepEd Equipment Inventory System add_employee.php cross site scriptingEPSS 0.4%CVE-2025-0581MEDIUMCampCodes School Management Software Chat History send cross site scriptingEPSS 0.4%CVE-2026-6902HIGHCode Injection in Perforce P4 (Helix Core)EPSS 0.4%CVE-2025-2209MEDIUMaitangbao springboot-manager add cross site scriptingEPSS 0.4%CVE-2025-0295MEDIUMcode-projects Online Book Shop booklist.php cross site scriptingEPSS 0.4%CVE-2025-32222CRITICALWordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) VulnerabilityEPSS 0.4%CVE-2025-2211MEDIUMaitangbao springboot-manager add cross site scriptingEPSS 0.4%CVE-2025-2210MEDIUMaitangbao springboot-manager add cross site scriptingEPSS 0.4%CVE-2025-46000MEDIUMAn arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackerEPSS 0.4%CVE-2025-26182MEDIUMAn issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java fileEPSS 0.4%CVE-2025-10679HIGHReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code ExecutionEPSS 0.4%CVE-2025-2214MEDIUMMicroweber Settings index.php cross site scriptingEPSS 0.4%CVE-2026-8094CRITICALOther issue in the WebRTC componentEPSS 0.4%CVE-2023-52381CRITICALScript injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integriEPSS 0.4%CVE-2025-1589MEDIUMSourceCodester E-Learning System User Registration register.php cross site scriptingEPSS 0.4%CVE-2025-3489MEDIUMNababur Simple-User-Management-System register.php cross site scriptingEPSS 0.4%