Fallos del tipo CWE-94

3766 resultados
CVE-2025-8550MEDIUMatjiu pybbs list cross site scriptingEPSS 0.6%CVE-2026-4963MEDIUMhuggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injectionEPSS 0.6%CVE-2026-26699HIGHsourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.EPSS 0.6%CVE-2024-10910HIGHGrid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_categoryEPSS 0.6%CVE-2025-29281HIGHIn PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitraryEPSS 0.6%CVE-2024-22123LOWZabbix Arbitrary File ReadEPSS 0.6%CVE-2025-52122CRITICALFreeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitEPSS 0.6%CVE-2025-0618MEDIUMA malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamperEPSS 0.6%CVE-2023-43792MEDIUMbaserCMS Code Injection Vulnerability in Mail Form FeatureEPSS 0.6%CVE-2024-26362HIGHHTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML coEPSS 0.6%CVE-2025-4858MEDIUMD-Link DAP-2695 ARP Spoofing Prevention Page adv_arpspoofing.php cross site scriptingEPSS 0.6%CVE-2026-48836CRITICALWordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerabilityEPSS 0.6%CVE-2025-4860MEDIUMD-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scriptingEPSS 0.6%CVE-2024-34225MEDIUMCross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allowEPSS 0.6%CVE-2026-32304CRITICALLocutus: RCE via unsanitized input in create_function()EPSS 0.6%CVE-2023-0598HIGHGE Digital Proficy Code InjectionEPSS 0.6%CVE-2022-4455MEDIUMsproctor php-calendar index.php cross site scriptingEPSS 0.6%CVE-2025-0557MEDIUMHyland Alfresco Community Edition URL s cross site scriptingEPSS 0.6%CVE-2024-11002MEDIUMInPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_templateEPSS 0.6%CVE-2024-7419HIGHWP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export FieldsEPSS 0.6%