Flaws of type CWE-94

3766 results
CVE-2025-66457 | HIGH | Elysia affected by arbitrary code injection through cookie config | EPSS 0.7%
CVE-2026-42785 | HIGH | OpenKM 6.3.12 Remote Code Execution via Administrative Scripting | EPSS 0.7%
CVE-2026-30306 | CRITICAL | In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The desc | EPSS 0.7%
CVE-2024-10505 | MEDIUM | wuzhicms block.php edit code injection | EPSS 0.7%
CVE-2024-39017 | CRITICAL | agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows at | EPSS 0.7%
CVE-2024-44430 | CRITICAL | SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensiti | EPSS 0.7%
CVE-2025-29064 | CRITICAL | An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cste | EPSS 0.7%
CVE-2020-7381 | MEDIUM | Code Injection in Rapid7 Nexpose Installer | EPSS 0.7%
CVE-2024-11620 | HIGH | WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability | EPSS 0.7%
CVE-2026-4681 | CRITICAL | Critical Remote Code Execution vulnerability reported in Windchill | EPSS 0.7%
CVE-2024-56072 | HIGH | An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of serv | EPSS 0.7%
CVE-2019-14827 | A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts | EPSS 0.7%
CVE-2024-6940 | MEDIUM | DedeCMS article_template_rand.php code injection | EPSS 0.7%
CVE-2026-35056 | HIGH | XenForo Remote Code Execution via Authenticated Admin | EPSS 0.7%
CVE-2026-39918 | CRITICAL | Vvveb < 1.0.8.1 Code Injection via Installation Endpoint | EPSS 0.7%
CVE-2026-31857 | HIGH | CraftCMS has an RCE vulnerability via relational conditionals in the control panel | EPSS 0.7%
CVE-2025-4859 | MEDIUM | D-Link DAP-2695 MAC Bypass Settings Page adv_macbypass.php cross site scripting | EPSS 0.7%
CVE-2024-28886 | HIGH | OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.us | EPSS 0.7%
CVE-2024-55505 | HIGH | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | EPSS 0.7%
CVE-2024-4144 | MEDIUM | Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution | EPSS 0.7%