CWE-94 vulnerabilities

3,764 results
CVE-2025-1614 [MEDIUM] FiberHome AN5506-01A ONU GPON Port Forwarding Submenu portForwardingCfg cross site scripting (EPSS 0.7%)
CVE-2024-7899 [MEDIUM] InnoCMS Backend edit code injection (EPSS 0.7%)
CVE-2024-11036 [HIGH] GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings (EPSS 0.7%)
CVE-2025-50567 [CRITICAL] Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the depreca (EPSS 0.7%)
CVE-2025-22204 [CRITICAL] Extension - regularlabs.com - Remote code execution vulnerability in the Sourcerer extensions < 12.0.0 for Joomla (EPSS 0.7%)
CVE-2026-26332 [CRITICAL] vm2: Sandbox Escape (EPSS 0.7%)
CVE-2021-47964 [HIGH] Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanager (EPSS 0.7%)
CVE-2025-22133 [CRITICAL] WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE) (EPSS 0.7%)
CVE-2024-53554 [HIGH] A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execut (EPSS 0.7%)
CVE-2026-33435 [HIGH] Weblate: Remote code execution during backup restoration (EPSS 0.7%)
CVE-2025-54063 [HIGH] Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling (EPSS 0.7%)
CVE-2024-24278 [HIGH] An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted p (EPSS 0.7%)
CVE-2026-33976 [CRITICAL] Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering (EPSS 0.7%)
CVE-2024-8268 [HIGH] Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call (EPSS 0.7%)
CVE-2025-60785 [HIGH] A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbi (EPSS 0.7%)
CVE-2024-33443 [HIGH] An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php compone (EPSS 0.7%)
CVE-2025-57283 [HIGH] The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not pro (EPSS 0.7%)
CVE-2025-58745 [CRITICAL] WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE) (EPSS 0.7%)
CVE-2024-53303 [HIGH] A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated a (EPSS 0.7%)
CVE-2025-57141 [CRITICAL] rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc. (EPSS 0.7%)