Falhas do tipo CWE-94
3.764 resultadosCVE-2026-23946MEDIUMTendenci has Authenticated Remote Code Execution via Pickle DeserializationEPSS 0.7%CVE-2024-30858CRITICALnetentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php.EPSS 0.7%CVE-2023-26322HIGHGetApps application has code execution vulnerabilityEPSS 0.7%CVE-2025-7901MEDIUMyangzongzhuan RuoYi Swagger UI index.html cross site scriptingEPSS 0.7%CVE-2023-31493MEDIUMRCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while exeEPSS 0.7%CVE-2025-21187HIGHMicrosoft Power Automate Remote Code Execution VulnerabilityEPSS 0.7%CVE-2024-0866HIGHCheck & Log Email <= 1.0.9 - Unauthenticated Hook InjectionEPSS 0.7%CVE-2025-5396CRITICALBears Backup <= 2.0.0 - Unauthenticated Remote Code ExecutionEPSS 0.7%CVE-2024-46080HIGHScriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.EPSS 0.7%CVE-2025-46581CRITICALZTE ZXCDN product has a Struts RCE VulnerabilityEPSS 0.7%CVE-2025-53867CRITICALIsland Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.EPSS 0.7%CVE-2023-39593MEDIUMInsecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated prEPSS 0.7%CVE-2024-1490HIGHWago: Vulnerability in WBM through Open VPNEPSS 0.7%CVE-2025-25362CRITICALA Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a craftedEPSS 0.7%CVE-2024-11034HIGHRequest a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_formEPSS 0.7%CVE-2026-25077HIGHApache CloudStack: Unauthenticated Command Injection in Direct Download TemplatesEPSS 0.7%CVE-2024-37849CRITICALA SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the usEPSS 0.7%CVE-2024-55028CRITICALA template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a craftedEPSS 0.7%CVE-2025-23298HIGHNVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injecEPSS 0.7%CVE-2026-58449CRITICALtxtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function ParameterEPSS 0.7%