Falhas do tipo CWE-94
3.777 resultadosCVE-2024-11102MEDIUMSourceCodester Hospital Management System edit-doc.php cross site scriptingEPSS 0.4%CVE-2024-31396MEDIUMCode injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3EPSS 0.4%CVE-2025-0458MEDIUMVirtual Computer Vysual RH Solution Login Panel index.php cross site scriptingEPSS 0.4%CVE-2025-43010HIGHCode injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))EPSS 0.4%CVE-2026-25470CRITICALWordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerabilityEPSS 0.4%CVE-2024-12665MEDIUMruifang-tech Rebuild Task Comment Attachment Upload cross site scriptingEPSS 0.4%CVE-2024-12995MEDIUMruifang-tech Rebuild Project Tasks Section tasks cross site scriptingEPSS 0.4%CVE-2025-15148MEDIUMCmsEasy Backend Template Management template_admin.php savetemp_action code injectionEPSS 0.4%CVE-2024-11240MEDIUMIBPhoenix ibWebAdmin Banco de Dados Tab database.php cross site scriptingEPSS 0.4%CVE-2025-10794MEDIUMPHPGurukul Car Rental Project search.php cross site scriptingEPSS 0.4%CVE-2024-25077CRITICALAn issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flaEPSS 0.4%CVE-2025-3554MEDIUMphpshe api.php cross site scriptingEPSS 0.4%CVE-2026-10904HIGHInappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandEPSS 0.4%CVE-2026-40316HIGHOWASP BLT has RCE in Github Actions via untrusted Django model execution in workflowEPSS 0.4%CVE-2026-10928HIGHScript injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML EPSS 0.4%CVE-2025-0800MEDIUMSourceCodester Online Courseware Edit Teacher saveeditt.php cross site scriptingEPSS 0.4%CVE-2026-39087MEDIUMntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs.EPSS 0.4%CVE-2024-13142MEDIUMZeroWdd studentmanager RoleController. java submitAddRole cross site scriptingEPSS 0.4%CVE-2025-8878MEDIUMPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2025-61136HIGHA Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct passwEPSS 0.4%