Fallos del tipo CWE-94

3764 resultados
CVE-2024-30868CRITICALnetentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.EPSS 0.7%CVE-2024-12900MEDIUMFoxCMS Configuration File installdb.php code injectionEPSS 0.7%CVE-2025-32798HIGHConda-build Allows Arbitrary Code Execution via Malicious Recipe SelectorsEPSS 0.7%CVE-2026-24747HIGHPyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint FilesEPSS 0.7%CVE-2025-57644CRITICALAccela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative useEPSS 0.7%CVE-2024-37899CRITICALDisabling a user account changes its author, allowing RCE from user account in XWikiEPSS 0.7%CVE-2025-67489CRITICAL@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development serverEPSS 0.7%CVE-2025-45479CRITICALInsufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting EPSS 0.7%CVE-2023-45560An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.EPSS 0.7%CVE-2026-40342CRITICALFirebird: Path Traversal + Arbitrary File Write Leads to Remote Code ExecutionEPSS 0.7%CVE-2026-33938HIGHHandlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-blockEPSS 0.7%CVE-2024-9006MEDIUMjeanmarc77 123solar config_invt1.php code injectionEPSS 0.7%CVE-2024-39015CRITICALcafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execEPSS 0.7%CVE-2024-31266CRITICALWordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerabilityEPSS 0.7%CVE-2025-5127MEDIUMTeledyne FLIR AX8 prod.php cross site scriptingEPSS 0.7%CVE-2020-8140A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRAREPSS 0.7%CVE-2026-48519CRITICALLangflow: Unauthenticated RCE in Shareable PlaygroundsEPSS 0.7%CVE-2025-58159CRITICALWeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE)EPSS 0.7%CVE-2026-33940HIGHHandlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partialEPSS 0.7%CVE-2025-23051HIGHAuthenticated Remote Code Execution in AOS Web-based Management InterfaceEPSS 0.7%