CWE-94 vulnerabilities

3719 results
| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2024-44466 | CRITICAL | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/we | 10.7% | |
| CVE-2025-1302 | CRITICAL | Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An att | 10.7% | |
| CVE-2020-8194 | | Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and | 10.7% | |
| CVE-2024-32641 | CRITICAL | Masa CMS Vulnerable to Pre-Auth RCE via JSON API | 10.6% | |
| CVE-2022-41223 | MEDIUM | The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injec | 10.6% | KEV |
| CVE-2017-16082 | | A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column | 10.5% | |
| CVE-2022-2073 | CRITICAL | Code Injection in getgrav/grav | 10.4% | |
| CVE-2026-27577 | CRITICAL | n8n: Expression Sandbox Escape Leads to RCE | 10.2% | |
| CVE-2025-34077 | CRITICAL | WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE | 9.9% | |
| CVE-2022-41544 | HIGH | GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edi | 9.4% | |
| CVE-2025-28146 | CRITICAL | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url i | 9.3% | |
| CVE-2026-1560 | HIGH | Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution | 9.1% | |
| CVE-2024-21534 | CRITICAL | All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can | 9.1% | |
| CVE-2022-36963 | HIGH | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | 8.4% | |
| CVE-2025-57772 | HIGH | Dataease H2 JDBC RCE Bypass | 8.2% | |
| CVE-2024-28848 | HIGH | SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata | 7.9% | |
| CVE-2024-0252 | HIGH | Remote code execution | 7.8% | |
| CVE-2025-58176 | HIGH | Dive's improper processing of custom urls can lead to Remote Code Execution | 7.7% | |
| CVE-2025-57773 | HIGH | Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability | 7.3% | |
| CVE-2026-3584 | CRITICAL | Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process | 7.2% | |