CWE-94 vulnerabilities

3,746 results
CVE-2026-33937 [CRITICAL] Handlebars.js has JavaScript Injection via AST Type Confusion (EPSS 1.3%)
CVE-2024-55022 [HIGH] Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Nam (EPSS 1.3%)
CVE-2007-5565 [CRITICAL] PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP c (EPSS 1.3%)
CVE-2022-45908 [CRITICAL] In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied wins (EPSS 1.3%)
CVE-2024-21546 [CRITICAL] Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimety (EPSS 1.3%)
CVE-2024-11600 [HIGH] Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution (EPSS 1.3%)
CVE-2023-46947 [HIGH] Subrion 4.2.1 has a remote command execution vulnerability in the backend. (EPSS 1.3%)
CVE-2025-34079 [HIGH] NSClient++ Authenticated Remote Code Execution via ExternalScripts API (EPSS 1.3%)
CVE-2023-22889 [CRITICAL] SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution (EPSS 1.3%)
CVE-2023-33472 [HIGH] An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate (EPSS 1.3%)
CVE-2024-41714 [HIGH] A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (M (EPSS 1.3%)
CVE-2023-39660 An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the pr (EPSS 1.3%)
CVE-2024-21649 [HIGH] Remote code execution (EPSS 1.3%)
CVE-2022-36006 [HIGH] Authenticated remote code execution due to insecure deserialization (GHSL-2022-063) (EPSS 1.3%)
CVE-2022-3869 [MEDIUM] Code Injection in froxlor/froxlor (EPSS 1.3%)
CVE-2024-40521 [HIGH] SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain (EPSS 1.3%)
CVE-2024-41651 [CRITICAL] An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: thi (EPSS 1.3%)
CVE-2022-42902 [HIGH] In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to impro (EPSS 1.3%)
CVE-2024-31864 [CRITICAL] Apache Zeppelin: Remote code execution by adding malicious JDBC connection string (EPSS 1.3%)
CVE-2023-35809 An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified i (EPSS 1.3%)