Falhas do tipo CWE-94
3.777 resultadosCVE-2026-9072HIGHWebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]EPSS 0.4%CVE-2026-6110MEDIUMFoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injectionEPSS 0.4%CVE-2024-29513HIGHAn issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code withEPSS 0.4%CVE-2026-25879CRITICALLangroid has Prompt to SQL Injection, Leading to RCEEPSS 0.4%CVE-2026-0498CRITICALCode Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)EPSS 0.4%CVE-2026-24937HIGHWordPress Broadcast Live Video plugin < 7.1.3 - Remote Code Execution (RCE) vulnerabilityEPSS 0.4%CVE-2024-30878MEDIUMA cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtaiEPSS 0.4%CVE-2024-11493MEDIUM115cms pageAE.html cross site scriptingEPSS 0.4%CVE-2025-2123MEDIUMGeSHi CSS cssgen.php get_var cross site scriptingEPSS 0.4%CVE-2026-1744MEDIUMD-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scriptingEPSS 0.4%CVE-2025-29661HIGHLitepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.EPSS 0.4%CVE-2026-3309MEDIUMPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing FieldsEPSS 0.4%CVE-2026-23498HIGHShopware Improper Control of Generation of Code in Twig rendered viewsEPSS 0.4%CVE-2025-1612MEDIUMEdimax BR-6288ACL wireless5g_basic.asp cross site scriptingEPSS 0.4%CVE-2025-8366MEDIUMPortabilis i-Educar educar_servidor_lst.php cross site scriptingEPSS 0.4%CVE-2025-58766CRITICALDyad Vulnerable to Remote Code Execution via Top-level Navigation in Preview WindowEPSS 0.4%CVE-2026-31225HIGHThe superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_paEPSS 0.4%CVE-2023-26107MEDIUMAll versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametriEPSS 0.4%CVE-2024-48744MEDIUMA Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management SystemEPSS 0.4%CVE-2025-13642MEDIUMProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.4%