Falhas do tipo CWE-94
3.764 resultadosCVE-2026-58449CRITICALtxtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function ParameterEPSS 0.7%CVE-2024-48235MEDIUMAn issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.EPSS 0.7%CVE-2024-48236MEDIUMAn issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of tEPSS 0.7%CVE-2024-40552HIGHPublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptEPSS 0.7%CVE-2024-40546HIGHAn arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrEPSS 0.7%CVE-2026-8931CRITICALCritical RCE vulnerability in Disig Web SignerEPSS 0.7%CVE-2024-32491CRITICALAn issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file EPSS 0.7%CVE-2026-27498CRITICALn8n has Arbitrary Command Execution via File Write and Git OperationsEPSS 0.7%CVE-2025-28893CRITICALWordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerabilityEPSS 0.7%CVE-2019-5443—A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= EPSS 0.7%CVE-2024-45874CRITICALA DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafteEPSS 0.7%CVE-2024-45873CRITICALA DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a craEPSS 0.7%CVE-2026-30402CRITICALAn issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection functionEPSS 0.7%CVE-2026-39337CRITICALChurchCRM Affected by Unauthenticated RCE in Install WizardEPSS 0.7%CVE-2024-12908MEDIUMDelinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function,EPSS 0.7%CVE-2024-24230HIGHKomm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackerEPSS 0.7%CVE-2025-31330CRITICALCode Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)EPSS 0.7%CVE-2026-35171CRITICALArbitrary Code Execution via Malicious Logging Configuration in KedroEPSS 0.7%CVE-2025-1613MEDIUMFiberHome AN5506-01A ONU GPON URL Filtering Submenu URL_filterCfg cross site scriptingEPSS 0.7%CVE-2024-28424HIGHzenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializEPSS 0.7%