Falhas do tipo CWE-94
3.799 resultadosCVE-2026-48124HIGHCursor Desktop sandbox escape via Claude hook configurationEPSS 0.1%CVE-2026-0236HIGHPrisma Browser: Code Injection Enables Security Controls BypassEPSS 0.1%CVE-2025-55313HIGHAn issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary codEPSS 0.1%CVE-2026-45555HIGHRoslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code ExecutionEPSS 0.1%CVE-2026-46432HIGHLMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initializationEPSS 0.1%CVE-2021-25393MEDIUMImproper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access EPSS 0.1%CVE-2026-36365HIGHAn issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary EPSS 0.1%CVE-2026-44698HIGHHome Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injectionEPSS 0.1%CVE-2026-47167MEDIUMVim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regexEPSS 0.1%CVE-2026-1226HIGHCWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the apEPSS 0.1%CVE-2025-63421HIGHAn issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe fileEPSS 0.1%CVE-2026-42890MEDIUMactual Allows Electron to Run As NodeEPSS 0.1%CVE-2026-44728HIGHImproper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjsEPSS 0.1%CVE-2026-23733MEDIUMLobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE)EPSS 0.1%CVE-2026-28801MEDIUMNatro Macro: Code Injection through Pattern/Path filesEPSS 0.1%CVE-2021-25416—Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executabEPSS 0.1%CVE-2026-11157MEDIUMScript injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious exEPSS 0.1%CVE-2025-5101MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.1%CVE-2024-40671HIGHIn DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission cheEPSS 0.1%CVE-2021-25470HIGHAn improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.EPSS 0.1%