CWE-94 type flaws

3754 results
CVE-2023-6131 [HIGH] Code Injection in salesagility/suitecrm (EPSS 1.0%)
CVE-2023-44846 An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. (EPSS 1.0%)
CVE-2024-29500 [CRITICAL] An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a C (EPSS 1.0%)
CVE-2022-22985 [HIGH] ICSA-22-062-01 IPCOMM ipDIO (EPSS 1.0%)
CVE-2025-70830 [CRITICAL] A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers (EPSS 1.0%)
CVE-2023-25910 [CRITICAL] A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7 (EPSS 1.0%)
CVE-2024-46640 [CRITICAL] SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check (EPSS 1.0%)
CVE-2024-25293 [CRITICAL] mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. (EPSS 1.0%)
CVE-2023-3656 [CRITICAL] Unauthenticated Remote Code Execution (EPSS 1.0%)
CVE-2024-25202 [MEDIUM] Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary (EPSS 1.0%)
CVE-2024-50658 [CRITICAL] Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBill (EPSS 1.0%)
CVE-2025-1087 [CRITICAL] Arbitrary Code Execution in Kong Insomnia Desktop Application (EPSS 1.0%)
CVE-2021-22952 A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to (EPSS 1.0%)
CVE-2025-26014 [CRITICAL] A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. (EPSS 1.0%)
CVE-2024-37273 [CRITICAL] An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via (EPSS 1.0%)
CVE-2024-40442 [HIGH] An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to ann (EPSS 1.0%)
CVE-2026-45495 [HIGH] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (EPSS 1.0%)
CVE-2025-50706 [CRITICAL] An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function (EPSS 1.0%)
CVE-2025-50707 [CRITICAL] An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component (EPSS 1.0%)
CVE-2024-12215 [HIGH] Remote Code Execution in kedro-org/kedro (EPSS 1.0%)