CWE-94 vulnerabilities

3,719 results
CVE-2025-61260 | CRITICAL | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Proto | EPSS 7.1%
CVE-2021-36394 | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | EPSS 7.0%
CVE-2025-23061 | CRITICAL | Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exist | EPSS 7.0%
CVE-2026-27174 | CRITICAL | MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval | EPSS 7.0%
CVE-2024-5466 | HIGH | Remote Code Execution | EPSS 6.9%
CVE-2025-1392 | MEDIUM | D-Link DIR-816 index.html cross site scripting | EPSS 6.8%
CVE-2022-47879 | HIGH | A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes | EPSS 6.7%
CVE-2024-25110 | CRITICAL | Azure IoT Platform Device SDK Remote Code Execution Vulnerability | EPSS 6.6%
CVE-2019-14867 | HIGH | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way th | EPSS 6.3%
CVE-2022-35649 | The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter | EPSS 6.3%
CVE-2026-23523 | CRITICAL | Dive allows One-click Remote Code Execution through Deep Links for MCP Install | EPSS 6.3%
CVE-2024-55964 | CRITICAL | An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command | EPSS 6.3%
CVE-2017-16544 | HIGH | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of fi | EPSS 6.2%
CVE-2026-31861 | HIGH | Shell Command Injection in Git Routes [CloudCLI UI] | EPSS 6.0%
CVE-2021-45029 | Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection | EPSS 6.0%
CVE-2020-10055 | A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected appl | EPSS 6.0%
CVE-2024-29202 | CRITICAL | JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery | EPSS 5.9%
CVE-2024-29201 | CRITICAL | JumpServer's insecure Ansible playbook validation leads to RCE in Celery | EPSS 5.9%
CVE-2016-5402 | HIGH | A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker w | EPSS 5.9%
CVE-2026-44262 | CRITICAL | Scramble: Remote code execution via evaluation of user-controlled input in validation rules | EPSS 5.9%