Falhas do tipo CWE-94

3.764 resultados
CVE-2024-2610MEDIUMUsing a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. TEPSS 0.7%CVE-2022-34663HIGHA vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC,EPSS 0.7%CVE-2023-47032CRITICALPassword Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserSeEPSS 0.7%CVE-2025-10097MEDIUMSimStudioAI sim route.ts code injectionEPSS 0.7%CVE-2025-46059CRITICALlangchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability EPSS 0.7%CVE-2024-57707CRITICALAn issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.EPSS 0.7%CVE-2023-40313HIGHDisable BeanShell Interpreter Remote Server ModeEPSS 0.7%CVE-2025-29401CRITICALAn arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code viaEPSS 0.7%CVE-2023-32626Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log inEPSS 0.7%CVE-2024-32599CRITICALWordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerabilityEPSS 0.7%CVE-2025-46818MEDIUMRedis: Authenticated users can execute LUA scripts as a different userEPSS 0.7%CVE-2023-7148MEDIUMShifuML shifu Java Expression Language DataPurifier.java code injectionEPSS 0.7%CVE-2024-32680HIGHWordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerabilityEPSS 0.7%CVE-2024-56334HIGHCommand injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformationEPSS 0.7%CVE-2025-42922CRITICALInsecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)EPSS 0.7%CVE-2024-48070CRITICALAn issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution,EPSS 0.7%CVE-2022-2014CRITICALCode Injection in jgraph/drawioEPSS 0.7%CVE-2020-36870CRITICALRuijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCEEPSS 0.7%CVE-2024-12900MEDIUMFoxCMS Configuration File installdb.php code injectionEPSS 0.7%CVE-2025-26260HIGHPlenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as jEPSS 0.7%