Fallos del tipo CWE-94
3748 resultadosCVE-2026-23830CRITICALSandboxJS has Sandbox Escape via Unprotected AsyncFunction ConstructorEPSS 1.1%CVE-2023-0671CRITICAL Code Injection in froxlor/froxlorEPSS 1.1%CVE-2023-51282HIGHAn issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.EPSS 1.1%CVE-2024-33644CRITICALWordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerabilityEPSS 1.1%CVE-2023-32692CRITICALRemote Code Execution Vulnerability in Validation PlaceholdersEPSS 1.1%CVE-2023-45849CRITICALArbitrary Code Execution in Helix CoreEPSS 1.1%CVE-2026-33336MEDIUMVikunja Desktop vulnerable to Remote Code Execution via same-window navigationEPSS 1.1%CVE-2023-48390CRITICALMultisuns EasyLog web+ - Command InjectionEPSS 1.1%CVE-2024-10131HIGHRemote Code Execution in infiniflow/ragflowEPSS 1.1%CVE-2021-38117HIGHPossible Remote Code Execution Vulnerability OpenText iManagerEPSS 1.1%CVE-2024-40487HIGHA Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remotEPSS 1.1%CVE-2023-1708MEDIUMAn issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 whEPSS 1.1%CVE-2022-30175HIGHAzure RTOS GUIX Studio Remote Code Execution VulnerabilityEPSS 1.1%CVE-2024-30202HIGHIn Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.EPSS 1.1%CVE-2024-25298HIGHAn issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.moEPSS 1.1%CVE-2024-21574CRITICALThe issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install customEPSS 1.1%CVE-2024-8923CRITICALSandbox Escape in Now PlatformEPSS 1.1%CVE-2022-25926HIGHVersions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanEPSS 1.1%CVE-2023-48217HIGHRemote code execution via form uploads in statamic/cmsEPSS 1.1%CVE-2022-3418HIGHWP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCEEPSS 1.1%