Vulnerabilities of type CWE-94

3748 results
CVE-2024-22020 | MEDIUM | A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can e | EPSS 1.1%
CVE-2023-35701 | MEDIUM | Apache Hive: Arbitrary command execution via JDBC driver | EPSS 1.1%
CVE-2022-3696 | HIGH | A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | EPSS 1.1%
CVE-2026-21256 | HIGH | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | EPSS 1.1%
CVE-2026-6951 | CRITICAL | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912] | EPSS 1.1%
CVE-2023-48643 | CRITICAL | Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configur | EPSS 1.1%
CVE-2024-9439 | HIGH | Remote Code Execution in transformeroptimus/superagi | EPSS 1.1%
CVE-2024-24525 | CRITICAL | An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid paramet | EPSS 1.1%
CVE-2026-25142 | CRITICAL | SandboxJS Prototype Pollution -> Sandbox Escape -> RCE | EPSS 1.1%
CVE-2021-47778 | HIGH | GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection | EPSS 1.1%
CVE-2017-20099 | HIGH | Analytics Stats Counter Statistics Plugin code injection | EPSS 1.1%
CVE-2022-43416 | HIGH | Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows inv | EPSS 1.1%
CVE-2023-45144 | CRITICAL | Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App | EPSS 1.1%
CVE-2022-50806 | HIGH | 4images 1.9 - Remote Command Execution (RCE) | EPSS 1.1%
CVE-2022-46742 | CRITICAL | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | EPSS 1.1%
CVE-2023-47003 | CRITICAL | An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBloc | EPSS 1.1%
CVE-2025-26818 | CRITICAL | Netwrix Password Secure through 9.2 allows command injection. | EPSS 1.1%
CVE-2023-1304 | HIGH | Rapid7 InsightCloudSec getattr() method access | EPSS 1.1%
CVE-2024-22131 | CRITICAL | Code Injection vulnerability in SAP ABA (Application Basis) | EPSS 1.1%
CVE-2022-36386 | CRITICAL | WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability | EPSS 1.1%