Falhas do tipo CWE-94

3.777 resultados
CVE-2024-13689MEDIUMUncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_mediasEPSS 0.4%CVE-2026-41134HIGHKiota: Code Generation Literal InjectionEPSS 0.4%CVE-2024-44757HIGHAn arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers EPSS 0.4%CVE-2022-32897HIGHA memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously craftEPSS 0.4%CVE-2025-1586MEDIUMcode-projects Blood Bank System A-.php cross site scriptingEPSS 0.4%CVE-2023-51797MEDIUMBuffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showEPSS 0.4%CVE-2024-6206HIGHA security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerabiliEPSS 0.4%CVE-2025-6744HIGHWoodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2024-13738HIGHMotors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2025-1967MEDIUMcode-projects Blood Bank Management System donor.php cross site scriptingEPSS 0.4%CVE-2025-2377MEDIUMSourceCodester Vehicle Management System confirmbooking.php cross site scriptingEPSS 0.4%CVE-2024-24520HIGHAn issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.EPSS 0.4%CVE-2024-11259MEDIUMcode-projects Farmacia fornecedores.php cross site scriptingEPSS 0.4%CVE-2025-62959CRITICALWordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Remote Code Execution (RCE) vulnerabilityEPSS 0.4%CVE-2025-0795MEDIUMESAFENET CDG todolistjump.jsp cross site scriptingEPSS 0.4%CVE-2025-0794MEDIUMESAFENET CDG todoDetail.jsp cross site scriptingEPSS 0.4%CVE-2025-9539HIGHAutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.3.6 - Missing Authorization To Authenticated (Subscriber+) Remote Code Execution via Automation CreationEPSS 0.4%CVE-2025-69983HIGHFUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox uEPSS 0.4%CVE-2022-40274HIGHGridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown fiEPSS 0.4%CVE-2024-11102MEDIUMSourceCodester Hospital Management System edit-doc.php cross site scriptingEPSS 0.4%