Vulnerabilities of type CWE-94
3719 results

CVE-2024-28116 | HIGH | Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass | EPSS 5.8%
CVE-2023-33131 | HIGH | Microsoft Outlook Remote Code Execution Vulnerability | EPSS 5.7%
CVE-2025-22905 | CRITICAL | RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | EPSS 5.6%
CVE-2022-24780 | HIGH | Code Injection in Combodo iTop | EPSS 5.3%
CVE-2020-5739 | — | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an Ope | EPSS 5.3%
CVE-2026-33057 | CRITICAL | Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py | EPSS 5.3%
CVE-2026-21877 | CRITICAL | n8n is vulnerable to Remote Code Execution via Arbitrary File Write | EPSS 5.3%
CVE-2017-16100 | — | dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible. | EPSS 5.1%
CVE-2025-71243 | CRITICAL | SPIP Saisies Plugin < 5.11.1 Remote Code Execution | EPSS 5.1%
CVE-2024-21646 | CRITICAL | Azure IoT Platform Device SDK Remote Code Execution Vulnerability | EPSS 5.1%
CVE-2014-5401 | — | Hospira MedNet Code Injection | EPSS 5.0%
CVE-2019-6823 | — | A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote | EPSS 5.0%
CVE-2021-31198 | HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability | EPSS 4.9%
CVE-2021-29472 | HIGH | Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer | EPSS 4.8%
CVE-2023-41179 | HIGH | A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security an | EPSS 4.7%, KEV
CVE-2020-5529 | HIGH | HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript | EPSS 4.6%
CVE-2019-18582 | CRITICAL | Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a serv | EPSS 4.6%
CVE-2024-41468 | CRITICAL | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand | EPSS 4.6%
CVE-2024-28397 | MEDIUM | An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. | EPSS 4.5%
CVE-2022-29221 | HIGH | PHP Code Injection by malicious block or filename in Smarty | EPSS 4.5%