Fallos del tipo CWE-94

3774 resultados
CVE-2026-41246HIGHContour: Lua code injection via Cookie Path Rewrite PolicyEPSS 0.5%CVE-2025-14324CRITICALJIT miscompilation in the JavaScript Engine: JIT componentEPSS 0.5%CVE-2024-37777HIGHO2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.EPSS 0.5%CVE-2025-4470MEDIUMSourceCodester Online Student Clearance System add-student.php cross site scriptingEPSS 0.5%CVE-2025-4461MEDIUMTOTOLINK N150RT Virtual Server Page cross site scriptingEPSS 0.5%CVE-2025-5177MEDIUMRealce Tecnologia Queue Ticket Kiosk Admin Login Page index.php cross site scriptingEPSS 0.5%CVE-2026-41229CRITICALFroxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)EPSS 0.5%CVE-2025-4469MEDIUMSourceCodester Online Student Clearance System add-admin.php cross site scriptingEPSS 0.5%CVE-2024-37855HIGHAn issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute aEPSS 0.5%CVE-2026-34060HIGHRuby LSP has arbitrary code execution through branch settingEPSS 0.5%CVE-2024-12238MEDIUMNinja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2025-66580CRITICALDive has Cross-Site Scripting vulnerability that can escalate to Remote Code ExecutionEPSS 0.5%CVE-2025-14541HIGHLucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' ParameterEPSS 0.5%CVE-2024-4037MEDIUMWP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2026-44717CRITICALMCP Calculate Server: Prompt Injection to RCEEPSS 0.5%CVE-2024-4194MEDIUMAlbum and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2025-59823CRITICALGardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioningEPSS 0.5%CVE-2025-15540HIGHAuthenticated RCE in Raytha CMSEPSS 0.5%CVE-2023-51320MEDIUMPHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. ThEPSS 0.5%CVE-2025-11548CRITICALibi WebFOCUS - Unauthenticated RCE VulnerabilityEPSS 0.5%