Fallos del tipo CWE-94
3754 resultadosCVE-2024-35515CRITICALInsecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.EPSS 0.9%CVE-2024-11587MEDIUMidcCMS classProvCity.php GetCityOptionJs cross site scriptingEPSS 0.9%CVE-2024-22722HIGHServer Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field EPSS 0.9%CVE-2024-38458HIGHXenforo before 2.2.16 allows code injection.EPSS 0.9%CVE-2024-3957MEDIUMBooster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.9%CVE-2024-37061HIGHRemote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLprojectEPSS 0.9%CVE-2022-46874HIGHA file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place.EPSS 0.9%CVE-2025-65037CRITICALAzure Container Apps Remote Code Execution VulnerabilityEPSS 0.9%CVE-2025-3053HIGHUiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code ExecutionEPSS 0.9%CVE-2025-41699HIGHPhoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllersEPSS 0.9%CVE-2026-27597CRITICAL@enclave-vm/core is vulnerable to Sandbox EscapeEPSS 0.9%CVE-2021-37694HIGHCode injection issue for java-spring-cloud-stream-templateEPSS 0.9%CVE-2026-6951CRITICALVersions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912]EPSS 0.9%CVE-2024-4264CRITICALRemote Code Execution in berriai/litellmEPSS 0.9%CVE-2024-38993CRITICALrjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to EPSS 0.9%CVE-2024-5751CRITICALRemote Code Execution in BerriAI/litellmEPSS 0.9%CVE-2025-5309HIGHRemote Support & Privileged Remote Access server side template injectionEPSS 0.9%CVE-2024-50704CRITICALUnauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code vEPSS 0.9%CVE-2024-5826CRITICALRemote Code Execution via Prompt Injection in vanna-ai/vannaEPSS 0.9%CVE-2021-39426CRITICALAn issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 paraEPSS 0.9%