Vulnerabilities of type CWE-94

3729 results
- CVE-2024-42634 (CRITICAL, EPSS 2.2%): A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute
- CVE-2023-30179 (HIGH, EPSS 2.2%): CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User P
- CVE-2023-5843 (CRITICAL, EPSS 2.2%): Ads by datafeedr.com <= 1.1.3 - Unauthenticated (Limited) Remote Code Execution
- CVE-2022-24735 (LOW, EPSS 2.2%): Lua scripts can be manipulated to overcome ACL rules in Redis
- CVE-2026-29955 (HIGH, EPSS 2.2%): The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `su
- CVE-2006-3136 (CRITICAL, EPSS 2.2%): Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LI
- CVE-2022-40469 (HIGH, EPSS 2.2%): iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.
- CVE-2024-32352 (HIGH, EPSS 2.2%): TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ips
- CVE-2024-32350 (HIGH, EPSS 2.2%): TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ips
- CVE-2026-24107 (CRITICAL, EPSS 2.2%): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doS
- CVE-2023-29566 (CRITICAL, EPSS 2.2%): huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability v
- CVE-2020-11057 (CRITICAL, EPSS 2.2%): Code Injection in XWiki Platform
- CVE-2024-43202 (CRITICAL, EPSS 2.1%): Apache DolphinScheduler: Remote Code Execution Vulnerability
- CVE-2025-34086 (HIGH, EPSS 2.1%): Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename
- CVE-2020-7013 (EPSS 2.1%): Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB
- CVE-2020-8141 (EPSS 2.1%): The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or
- CVE-2023-27650 (CRITICAL, EPSS 2.1%): An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter
- CVE-2025-49029 (CRITICAL, EPSS 2.1%): WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability
- CVE-2024-4181 (HIGH, EPSS 2.1%): Command Injection in run-llama/llama_index
- CVE-2024-13346 (HIGH, EPSS 2.1%): Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution