Fallos del tipo CWE-94
3775 resultadosCVE-2024-45390HIGH@blakeembrey/template vulnerable to code injection when attacker controls template inputEPSS 0.4%CVE-2025-47588CRITICALWordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.9 - Arbitrary Code Execution vulnerabilityEPSS 0.4%CVE-2026-7027MEDIUMD-Link DSL-2740R Wireless Setup Section cross site scriptingEPSS 0.4%CVE-2024-1706MEDIUMZKTeco ZKBio Access IVS Department Name Search Bar cross site scriptingEPSS 0.4%CVE-2026-7191HIGHArbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWSEPSS 0.4%CVE-2025-54594CRITICALreact-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltrationEPSS 0.4%CVE-2025-61588CRITICALrisc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`EPSS 0.4%CVE-2023-1367MEDIUM Code Injection in alextselegidis/easyappointmentsEPSS 0.4%CVE-2023-6691HIGHCode Injection vulnerability in Cambium ePMP Force 300-25EPSS 0.4%CVE-2022-23465HIGHSwiftTerm vulnerable to arbitrary command executionEPSS 0.4%CVE-2025-61929CRITICALCherry Studio allows one-click on a specific URL to cause a command to executeEPSS 0.4%CVE-2023-6604MEDIUMFfmpeg: hls xbin demuxer dos amplification in ffmpegEPSS 0.4%CVE-2024-34761HIGHWordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerabilityEPSS 0.4%CVE-2025-11093HIGHArbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)EPSS 0.4%CVE-2025-7885MEDIUMHuashengdun WebSSH Login Page cross site scriptingEPSS 0.4%CVE-2025-67035CRITICALAn issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilEPSS 0.4%CVE-2026-28425HIGHStatamic vulnerable to remote code execution via Antlers-enabled control panel inputsEPSS 0.4%CVE-2026-1516MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.4%CVE-2025-63665CRITICALAn issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payEPSS 0.4%CVE-2024-6005MEDIUMZKTeco ZKBio CVSecurity V5000 Department Section cross site scriptingEPSS 0.4%