CWE-94 vulnerabilities

3,719 results
CVE-2021-42694 | HIGH | An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to pro | EPSS 4.5%
CVE-2019-1157 | HIGH | Jet Database Engine Remote Code Execution Vulnerability | EPSS 4.5%
CVE-2017-16042 | Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing fo | EPSS 4.4%
CVE-2024-11613 | CRITICAL | WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion | EPSS 4.4%
CVE-2026-20045 | HIGH | Cisco Unified Communications Products Remote Code Execution Vulnerability | EPSS 4.3% | KEV
CVE-2020-8137 | Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker | EPSS 4.2%
CVE-2025-62521 | CRITICAL | ChurchCRM has unauthenticated RCE in its Install Wizard | EPSS 4.2%
CVE-2025-23209 | HIGH | Potential RCE with a compromised security key in craft/cms | EPSS 4.1% | KEV
CVE-2021-41269 | CRITICAL | Unauthenticated remote code injection in cron-utils | EPSS 4.0%
CVE-2020-5258 | HIGH | Prototype pollution in dojo | EPSS 4.0%
CVE-2026-40466 | HIGH | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI | EPSS 4.0%
CVE-2026-42607 | CRITICAL | Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature | EPSS 3.9%
CVE-2023-0877 | CRITICAL | Code Injection in froxlor/froxlor | EPSS 3.9%
CVE-2024-46507 | HIGH | A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows atta | EPSS 3.9%
CVE-2025-42880 | CRITICAL | Code Injection vulnerability in SAP Solution Manager | EPSS 3.9%
CVE-2005-3302 | HIGH | Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a | EPSS 3.9%
CVE-2019-7610 | Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpa | EPSS 3.9%
CVE-2024-39844 | CRITICAL | In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. | EPSS 3.9%
CVE-2011-10019 | CRITICAL | Spreecommerce < 0.60.2 Search Parameter RCE | EPSS 3.8%
CVE-2017-14853 | HIGH | The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a d | EPSS 3.8%