Falhas do tipo CWE-94

3.759 resultados
CVE-2023-27744HIGHAn issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remotEPSS 0.8%CVE-2024-0196MEDIUMMagic-Api code injectionEPSS 0.8%CVE-2024-27191HIGHWordPress Slivery Extender plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerabilityEPSS 0.8%CVE-2024-8864MEDIUMcomposiohq composio calculator.py Calculator code injectionEPSS 0.8%CVE-2026-46442CRITICALFlowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox EscapeEPSS 0.8%CVE-2026-26720CRITICALAn issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.EPSS 0.8%CVE-2026-2586CRITICALAn authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the pEPSS 0.8%CVE-2026-25755HIGHjsPDF has PDF Object Injection via Unsanitized Input in addJS MethodEPSS 0.8%CVE-2024-57401CRITICALSQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot PassEPSS 0.8%CVE-2023-43449HIGHAn issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the EPSS 0.8%CVE-2025-3642HIGHMoodle: authenticated remote code execution risk in the moodle lms equella repositoryEPSS 0.8%CVE-2025-30067HIGHApache Kylin: The remote code execution via jdbc urlEPSS 0.8%CVE-2026-44006CRITICALvm2: Sandbox EscapeEPSS 0.8%CVE-2024-22988CRITICALZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the EPSS 0.8%CVE-2024-29477HIGHLack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the netEPSS 0.8%CVE-2026-30120CRITICALremotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.EPSS 0.8%CVE-2024-48204CRITICALSQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted EPSS 0.8%CVE-2023-6125MEDIUMCode Injection in salesagility/suitecrmEPSS 0.8%CVE-2026-8838CRITICALRemote Code Execution via eval() Injection in amazon-redshift-python-driverEPSS 0.8%CVE-2024-56518CRITICALHazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML documEPSS 0.8%