Fallos del tipo CWE-94
3766 resultadosCVE-2023-49830CRITICALWordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)EPSS 0.7%CVE-2026-25888HIGHChartbrew: Remote Code Execution (RCE) via Vulnerable APIEPSS 0.7%CVE-2024-9132HIGHThe administrator is able to configure an insecure captive portal scriptEPSS 0.7%CVE-2020-8224—A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed direcEPSS 0.7%CVE-2025-70073HIGHAn issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation functionEPSS 0.7%CVE-2026-50223HIGHApache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code ExecutionEPSS 0.7%CVE-2024-29309HIGHAn issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service.EPSS 0.7%CVE-2024-57061CRITICALAn issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure ElectroEPSS 0.7%CVE-2023-32095CRITICALWordPress Rename Media Files Plugin <= 1.0.1 is vulnerable to Remote Code Execution (RCE)EPSS 0.7%CVE-2024-13487HIGHCURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price FunctionEPSS 0.7%CVE-2025-25246HIGHNETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.EPSS 0.7%CVE-2025-8417HIGHCatalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code InjectionEPSS 0.7%CVE-2023-1030MEDIUMSourceCodester/code-projects Online Boat Reservation System POST Parameter login.php cross site scriptingEPSS 0.7%CVE-2024-3785MEDIUMImproper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirbackEPSS 0.7%CVE-2024-3786MEDIUMImproper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirbackEPSS 0.7%CVE-2024-41623CRITICALAn issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payloaEPSS 0.7%CVE-2023-40606CRITICALWordPress Kanban Boards for WordPress Plugin <= 2.5.21 is vulnerable to Arbitrary Code ExecutionEPSS 0.7%CVE-2024-57609HIGHAn issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via EPSS 0.7%CVE-2023-27897MEDIUMCode Injection vulnerability in SAP CRMEPSS 0.7%CVE-2025-45947CRITICALAn issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php filEPSS 0.7%