Vulnerabilities of type CWE-94
3768 results

CVE-2024-23921 [HIGH] ChargePoint Home Flex Command Injection (EPSS 0.5%)
CVE-2024-46076 [CRITICAL] RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of (EPSS 0.5%)
CVE-2024-36361 [MEDIUM] Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compi (EPSS 0.5%)
CVE-2025-8370 [MEDIUM] Portabilis i-Educar educar_escolaridade_lst.php cross site scripting (EPSS 0.5%)
CVE-2026-35178 [CRITICAL] Workbench Affected by Remote Code Execution (RCE) via Malicious Cookie in Timezone Conversion (EPSS 0.5%)
CVE-2025-8368 [MEDIUM] Portabilis i-Educar pesquisa_pessoa_lst.php cross site scripting (EPSS 0.5%)
CVE-2024-4038 [MEDIUM] Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution (EPSS 0.5%)
CVE-2025-66224 [CRITICAL] OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection (EPSS 0.5%)
CVE-2025-8369 [MEDIUM] Portabilis i-Educar educar_avaliacao_desempenho_lst.php cross site scripting (EPSS 0.5%)
CVE-2024-12952 [MEDIUM] melMass comfy_mtb Dependency endpoint.py run_command code injection (EPSS 0.5%)
CVE-2026-29102 [HIGH] SuiteCRM has Authenticated RCE in Modules (EPSS 0.5%)
CVE-2024-8411 [MEDIUM] ABCD ABCD2 buscar_integrada.php cross site scripting (EPSS 0.5%)
CVE-2026-34448 [CRITICAL] SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client (EPSS 0.5%)
CVE-2026-33654 [HIGH] Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling (EPSS 0.5%)
CVE-2025-49581 [HIGH] XWiki allows remote code execution through default value of wiki macro wiki-type parameters (EPSS 0.5%)
CVE-2026-9311 [CRITICAL] IBM WebSphere Application Server is affected by remote code execution (EPSS 0.5%)
CVE-2025-1337 [MEDIUM] Eastnets PaymentSafe BIC Search cross site scripting (EPSS 0.5%)
CVE-2025-67944 [CRITICAL] WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability (EPSS 0.5%)
CVE-2025-67034 [HIGH] An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when dele (EPSS 0.5%)
CVE-2025-29662 [CRITICAL] A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote netw (EPSS 0.5%)