Falhas do tipo CWE-74

4.248 resultados
CVE-2026-3955MEDIUMelecV2P jsfile Endpoint wbjs.js runJSFile code injectionEPSS 0.2%CVE-2026-1977MEDIUMisaacwasserman mcp-vegalite-server visualize_data eval code injectionEPSS 0.2%CVE-2026-3968MEDIUMAutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injectionEPSS 0.2%CVE-2026-10210MEDIUMAstrBotDevs AstrBot skill_manager.py _sanitize_prompt_description injectionEPSS 0.2%CVE-2026-4506MEDIUMMindinventory MindSQL mindsql_core.py ask_db code injectionEPSS 0.2%CVE-2026-8993MEDIUMImproper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacksEPSS 0.2%CVE-2026-41885MEDIUMPath traversal / URL injection via unsanitised lng/ns/projectId/version in i18next-locize-backendEPSS 0.2%CVE-2026-41319MEDIUMMailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgradeEPSS 0.2%CVE-2026-39419LOWMaxKB: Sandbox Result Validation Bypass via Tool Output SpoofingEPSS 0.2%CVE-2023-3665MEDIUM A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI componentEPSS 0.2%CVE-2025-10399MEDIUMKorzh EasyQuery Query Builder UI fetch sql injectionEPSS 0.2%CVE-2026-7688LOWDolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injectionEPSS 0.2%CVE-2026-47162HIGHVim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory nameEPSS 0.2%CVE-2025-5374MEDIUMPHPGurukul Online Birth Certificate System all-applications.php sql injectionEPSS 0.2%CVE-2026-9568LOWThingsBoard YAML provision getGatewayDockerComposeFile code injectionEPSS 0.2%CVE-2025-5375MEDIUMPHPGurukul HPGurukul Online Birth Certificate System registered-users.php sql injectionEPSS 0.2%CVE-2025-24904HIGHlibsignal-service-rs doesn't sanity check plaintext envelopes are not sanity-checkedEPSS 0.2%CVE-2025-3026MEDIUMImproper Neutralization of Special Elements vulnerability in EJBCAEPSS 0.2%CVE-2026-13495MEDIUMitsourcecode Hospital Management System adminprofile.php sql injectionEPSS 0.2%CVE-2026-12175MEDIUMCodeAstro Student Attendance Management System createStudents.php sql injectionEPSS 0.2%