CWE-94 vulnerabilities

3,719 results
CVE-2025-37164 | CRITICAL | EPSS 89.7% | KEV
A remote code execution issue exists in HPE OneView.

CVE-2017-8759 | HIGH | EPSS 88.7% | KEV
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious docume

CVE-2023-46731 | CRITICAL | EPSS 88.5%
Remote code execution through the section parameter in Administration as guest in XWiki Platform

CVE-2024-21683 | HIGH | EPSS 88.3%
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (

CVE-2025-4428 | HIGH | EPSS 87.5% | KEV
Remote Code Execution

CVE-2024-25600 | CRITICAL | EPSS 87.5%
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability

CVE-2020-8644 | CRITICAL | EPSS 86.7% | KEV
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.

CVE-2023-35813 | EPSS 86.7%
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce throug

CVE-2019-4716 | CRITICAL | EPSS 86.4% | KEV
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin

CVE-2022-40127 | HIGH | EPSS 85.7%
Apache Airflow <2.4.0 has an RCE in a bash example

CVE-2023-24955 | HIGH | EPSS 85.4% | KEV
Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2023-52251 | HIGH | EPSS 85.0%
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/

CVE-2013-3906 | HIGH | EPSS 85.0% | KEV
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and

CVE-2019-10758 | CRITICAL | EPSS 84.8% | KEV
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. A misuse of the `vm` depende

CVE-2026-1340 | CRITICAL | EPSS 84.0% | KEV
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

CVE-2019-0193 | HIGH | EPSS 83.5% | KEV
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in whi

CVE-2024-43425 | HIGH | EPSS 83.3%
Moodle: remote code execution via calculated question types

CVE-2020-8163 | EPSS 83.1%
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument o

CVE-2026-1281 | CRITICAL | EPSS 81.2% | KEV
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

CVE-2023-22952 | HIGH | EPSS 80.3% | KEV
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input vali