Fallos del tipo CWE-94

3773 resultados
CVE-2026-12242HIGHAdRotate Banner Manager <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via 'banner' Shortcode AttributeEPSS 0.5%CVE-2024-37934MEDIUMWordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerabilityEPSS 0.5%CVE-2023-51331MEDIUMPHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. TheEPSS 0.5%CVE-2022-41882MEDIUMNextcloud Desktop vulnerable to code injection via malicious linkEPSS 0.5%CVE-2024-11012MEDIUMNotibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_textEPSS 0.5%CVE-2024-12417MEDIUMSimple Link Directory <= 8.4.5 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2025-6512CRITICALScripts within reports executable on BRAIN2 ServerEPSS 0.5%CVE-2025-49521HIGHEvent-driven-ansible: template injection via git branch and refspec in eda projectsEPSS 0.5%CVE-2024-12998MEDIUMcode-projects Online Car Rental System GET Parameter index.php cross site scriptingEPSS 0.5%CVE-2026-28783CRITICALCraft has a Twig Function Blocklist BypassEPSS 0.5%CVE-2025-7925MEDIUMPHPGurukul Online Banquet Booking System login.php cross site scriptingEPSS 0.5%CVE-2026-40563HIGHApache Atlas: Script injection allows access to unintended dataEPSS 0.5%CVE-2024-6655HIGHGtk3: gtk2: library injection from cwdEPSS 0.5%CVE-2023-40809MEDIUMOpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.EPSS 0.5%CVE-2024-10094CRITICALPega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of CodeEPSS 0.5%CVE-2025-23186HIGHMixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAPEPSS 0.5%CVE-2026-32276HIGHConnect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study PluginEPSS 0.5%CVE-2025-3397MEDIUMYzmCMS message.tpl cross site scriptingEPSS 0.5%CVE-2024-12415MEDIUMAI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2026-41523HIGHvLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code ExecutionEPSS 0.5%