Fallos del tipo CWE-94

3767 resultados
CVE-2024-45766HIGHDell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerabilEPSS 0.5%CVE-2026-33479HIGHAVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against AdminEPSS 0.5%CVE-2022-23008On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisEPSS 0.5%CVE-2025-51427HIGHAn issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration filEPSS 0.5%CVE-2022-32924HIGHThe issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, EPSS 0.5%CVE-2024-38448CRITICALhtags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may EPSS 0.5%CVE-2024-33335MEDIUMSQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file.EPSS 0.5%CVE-2024-45198HIGHinsightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, trEPSS 0.5%CVE-2024-45201HIGHAn issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.EPSS 0.5%CVE-2024-45199HIGHinsightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC EPSS 0.5%CVE-2025-67847HIGHMoodle: moodle: remote code execution via insufficient restore input validationEPSS 0.5%CVE-2023-6540MEDIUMA vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payEPSS 0.5%CVE-2025-66299HIGHSecurity Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMSEPSS 0.5%CVE-2025-3842MEDIUMpanhainan DS-Java FileUpload.java uploadUserPic.action code injectionEPSS 0.5%CVE-2023-43352An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu compoEPSS 0.5%CVE-2025-67744CRITICALMermaid XSS vulnerability leads to Remote Code ExecutionEPSS 0.5%CVE-2024-13205MEDIUMkurniaramadhan E-Commerce-PHP Create Product Page create_product.php cross site scriptingEPSS 0.5%CVE-2024-53920HIGHIn elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs LEPSS 0.5%CVE-2022-2054HIGHCode Injection in nuitka/nuitkaEPSS 0.5%CVE-2026-30117CRITICALscalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalar_url query parameter of the Scalar PrEPSS 0.5%