Falhas do tipo CWE-94
3.728 resultadosCVE-2024-22274HIGHThe vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCEPSS 2.5%CVE-2021-29461HIGHLFI and possible code execution on discord-recon using tools argumentsEPSS 2.5%CVE-2025-22968CRITICALAn issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictionsEPSS 2.5%CVE-2015-3173—custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.EPSS 2.4%CVE-2023-30404CRITICALAigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd paramEPSS 2.4%CVE-2022-24665CRITICALRemote Code Execution by by Contributor+ users via WordPress gutenberg blockEPSS 2.4%CVE-2023-36789HIGHSkype for Business Remote Code Execution VulnerabilityEPSS 2.4%CVE-2024-57487MEDIUMIn Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker EPSS 2.4%CVE-2026-26831CRITICALtextract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with EPSS 2.4%CVE-2018-19011—CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execuEPSS 2.4%CVE-2021-43811HIGHCode injection via unsafe YAML loadingEPSS 2.4%CVE-2022-31691CRITICALSpring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, BoEPSS 2.4%CVE-2024-28847HIGHSpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadataEPSS 2.4%CVE-2024-22899HIGHVinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime funcEPSS 2.4%CVE-2024-38944CRITICALAn issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateFoEPSS 2.4%CVE-2023-49093CRITICALHtmlUnit vulnerable to Remote Code Execution (RCE) via XSTLEPSS 2.4%CVE-2017-1001002—math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name cEPSS 2.4%CVE-2023-25261—Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft EPSS 2.3%CVE-2023-37466CRITICALvm2 Sandbox Escape vulnerabilityEPSS 2.3%CVE-2023-34251CRITICALGrav Server Side Template Injection vulnerabilityEPSS 2.3%