Fallos del tipo CWE-94
3728 resultadosCVE-2023-29492CRITICALNovi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This doeEPSS 2.7%KEVCVE-2024-9162HIGHAll-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code InjectionEPSS 2.7%CVE-2018-19002—LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, wEPSS 2.7%CVE-2024-42845HIGHAn eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to exEPSS 2.7%CVE-2026-44403HIGHWing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session SerializationEPSS 2.6%CVE-2021-27446CRITICALWeintek EasyWeb cMT Code InjectionEPSS 2.6%CVE-2020-11079HIGHcommand injection fix in node-dns-syncEPSS 2.6%CVE-2022-39833HIGHFileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported APIEPSS 2.6%CVE-2016-10546—An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and deEPSS 2.6%CVE-2025-66294HIGHGrav is vulnerable to RCE via SSTI through Twig Sandbox BypassEPSS 2.6%CVE-2025-44881CRITICALA command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commandEPSS 2.6%CVE-2022-25894CRITICALAll versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jeEPSS 2.6%CVE-2021-31949HIGHMicrosoft Outlook Remote Code Execution VulnerabilityEPSS 2.6%CVE-2023-43364CRITICALmain.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.EPSS 2.6%CVE-2024-21508CRITICALVersions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validEPSS 2.6%CVE-2021-40485HIGHMicrosoft Excel Remote Code Execution VulnerabilityEPSS 2.5%CVE-2023-26119CRITICALVersions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, whEPSS 2.5%CVE-2026-24516HIGHA command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubEPSS 2.5%CVE-2017-16020—Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary EPSS 2.5%CVE-2026-26830CRITICALpdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and conEPSS 2.5%