Vulnerabilities of type CWE-94

3767 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-45186 | CRITICAL | FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. | 0.6% |
| CVE-2025-54815 | HIGH | Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes. | 0.6% |
| CVE-2024-11660 | MEDIUM | code-projects Farmacia usuario.php cross site scripting | 0.6% |
| CVE-2026-7026 | MEDIUM | D-Link DGS-3420 System Information Settings cross site scripting | 0.6% |
| CVE-2022-42045 | | Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28 | 0.6% |
| CVE-2024-10952 | HIGH | Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax | 0.6% |
| CVE-2024-30567 | MEDIUM | An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubles | 0.6% |
| CVE-2026-31230 | CRITICAL | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (rob | 0.6% |
| CVE-2024-10959 | HIGH | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth | 0.6% |
| CVE-2026-1929 | HIGH | Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter | 0.6% |
| CVE-2026-26045 | HIGH | Moodle: moodle: improper validation in file restore functionality leading to remote code execution | 0.6% |
| CVE-2026-32613 | CRITICAL | Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling | 0.6% |
| CVE-2024-51329 | HIGH | A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a cra | 0.6% |
| CVE-2024-39915 | CRITICAL | Authenticated remote code execution in Thruk | 0.6% |
| CVE-2024-13472 | HIGH | WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting | 0.6% |
| CVE-2024-28593 | MEDIUM | The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads | 0.6% |
| CVE-2026-0771 | HIGH | Langflow PythonFunction Code Injection Remote Code Execution Vulnerability | 0.6% |
| CVE-2025-7887 | MEDIUM | Zavy86 WikiDocs template.inc.php cross site scripting | 0.6% |
| CVE-2025-54374 | HIGH | Eidos: One-click Remote Code Execution through Custom URL Handling | 0.6% |
| CVE-2024-52959 | CRITICAL | iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection') | 0.6% |