CWE-94 type flaws

3760 results
CVE-2025-2712 [MEDIUM] Yonyou UFIDA ERP-NC top.jsp cross site scripting (EPSS 0.8%)
CVE-2025-14009 [HIGH] Zip Slip Vulnerability in nltk/nltk Leading to Remote Code Execution (EPSS 0.8%)
CVE-2023-30990 [HIGH] IBM i command execution (EPSS 0.8%)
CVE-2023-50810 [MEDIUM] In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware (EPSS 0.8%)
CVE-2024-48050 [CRITICAL] In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, (EPSS 0.8%)
CVE-2024-50707 [CRITICAL] Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code v (EPSS 0.8%)
CVE-2026-33943 [HIGH] Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code (EPSS 0.8%)
CVE-2024-5979 [HIGH] Denial of Service via Invalid Argument in h2oai/h2o-3 (EPSS 0.8%)
CVE-2024-36074 [HIGH] Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoi (EPSS 0.8%)
CVE-2026-29091 [HIGH] Locutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code Injection (EPSS 0.8%)
CVE-2022-23503 [HIGH] TYPO3 vulnerable to Arbitrary Code Execution via Form Framework (EPSS 0.8%)
CVE-2023-30131 An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other uns (EPSS 0.8%)
CVE-2024-12883 [MEDIUM] code-projects Job Recruitment _email.php cross site scripting (EPSS 0.8%)
CVE-2017-1002152 Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. (EPSS 0.8%)
CVE-2025-1359 [MEDIUM] SIAM Industria de Automação e Monitoramento qrcode.jsp cross site scripting (EPSS 0.8%)
CVE-2024-7656 [HIGH] Image Hotspot by DevVN <= 1.2.5 - Authenticated (Author+) PHP Object Injection (EPSS 0.8%)
CVE-2024-24294 [CRITICAL] A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProp (EPSS 0.8%)
CVE-2024-34344 [HIGH] Remote code execution via the browser when running the test locally in nuxt (EPSS 0.8%)
CVE-2023-33229 [LOW] SolarWinds Platform Incorrect Input Neutralization Vulnerability (EPSS 0.8%)
CVE-2023-48226 [MEDIUM] OpenReplay HTML Injection vulnerability (EPSS 0.8%)