Falhas do tipo CWE-94
3.719 resultadosCVE-2020-36708CRITICALEpsilon Framework Themes (Various Versions) - Function InjectionEPSS 65.3%CVE-2024-4883CRITICALWhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution VulnerabilityEPSS 64.8%CVE-2006-3730HIGHInteger overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and executeEPSS 63.6%CVE-2025-27218MEDIUMSitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserializaEPSS 63.6%CVE-2023-34468HIGHApache NiFi: Potential Code Injection with Database Services using H2EPSS 63.4%CVE-2021-32706HIGH(Authenticated) Remote Code Execution Possible in Web Interface 5.5EPSS 60.2%CVE-2013-0810HIGHMicrosoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute EPSS 59.9%CVE-2024-31621HIGHAn issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 cEPSS 59.9%CVE-2023-3224HIGHCode Injection in nuxt/nuxtEPSS 58.6%CVE-2009-0557HIGHExcel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System EPSS 58.6%KEVCVE-2023-39469HIGHPaperCut NG External User Lookup Code Injection Remote Code Execution VulnerabilityEPSS 58.1%CVE-2018-1275—Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose EPSS 57.6%CVE-2021-25003—WPCargo < 6.9.0 - Unauthenticated RCEEPSS 56.1%CVE-2021-44521—Remote code execution for scripted UDFsEPSS 54.9%CVE-2024-50498CRITICALWordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerabilityEPSS 53.6%CVE-2023-24078HIGHReal Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmEPSS 53.2%CVE-2023-2928MEDIUMDedeCMS article_allowurl_edit.php code injectionEPSS 51.4%CVE-2024-9061HIGHWP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_AddEPSS 51.3%CVE-2021-21480HIGHSAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can inteEPSS 50.9%CVE-2014-4148HIGHwin32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7EPSS 50.7%KEV