Vulnerabilities of type CWE-94

3754 results
CVE-2023-44382 | CRITICAL | October CMS safe mode bypass using Twig sandbox escape | EPSS 0.9%
CVE-2025-6000 | CRITICAL | Arbitrary Remote Code Execution via Plugin Catalog Abuse | EPSS 0.9%
CVE-2025-2710 | MEDIUM | Yonyou UFIDA ERP-NC menu.jsp cross site scripting | EPSS 0.9%
CVE-2025-2709 | MEDIUM | Yonyou UFIDA ERP-NC login.jsp cross site scripting | EPSS 0.9%
CVE-2025-2711 | MEDIUM | Yonyou UFIDA ERP-NC systop.jsp cross site scripting | EPSS 0.9%
CVE-2023-26782 | MEDIUM | An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configurat | EPSS 0.9%
CVE-2022-38745 | HIGH | Apache OpenOffice: Empty entry in Java class path | EPSS 0.9%
CVE-2023-36645 | CRITICAL | SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer funct | EPSS 0.9%
CVE-2017-20095 | MEDIUM | Simple Ads Manager Plugin code injection | EPSS 0.9%
CVE-2024-22144 | CRITICAL | WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability | EPSS 0.9%
CVE-2024-40495 | HIGH | A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via th | EPSS 0.9%
CVE-2025-45857 | CRITICAL | EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. | EPSS 0.9%
CVE-2025-32106 | CRITICAL | In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability | EPSS 0.9%
CVE-2026-44513 | HIGH | Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components | EPSS 0.9%
CVE-2024-48579 | CRITICAL | SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code v | EPSS 0.9%
CVE-2022-35944 | MEDIUM | October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution) | EPSS 0.9%
CVE-2024-39236 | CRITICAL | Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is t | EPSS 0.9%
CVE-2024-12372 | CRITICAL | Rockwell Automation PowerMonitor™ 1000 Denial of Service | EPSS 0.9%
CVE-2023-31447 | | user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted pay | EPSS 0.9%
CVE-2022-43279 | HIGH | LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.ph | EPSS 0.9%