Falhas do tipo CWE-94

3.766 resultados
CVE-2024-25096CRITICALWordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerabilityEPSS 0.7%CVE-2023-6126MEDIUMCode Injection in salesagility/suitecrmEPSS 0.7%CVE-2025-5333CRITICALUnauthenticated Remote Code Execution in IT Management SuiteEPSS 0.7%CVE-2026-33646CRITICALmise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)EPSS 0.7%CVE-2023-44392HIGHArbitrary code execution vulnerability when using shared Kubernetes clusterEPSS 0.7%CVE-2023-21569MEDIUMAzure DevOps Server Spoofing VulnerabilityEPSS 0.7%CVE-2024-27793MEDIUMThe issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected apEPSS 0.7%CVE-2025-6213HIGHNginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code ExecutionEPSS 0.7%CVE-2010-5153MEDIUMRace condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute EPSS 0.7%CVE-2024-8880MEDIUMplaySMS Template index.php code injectionEPSS 0.7%CVE-2026-1829HIGHContent Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code ExecutionEPSS 0.7%CVE-2022-3713HIGHA code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than versiEPSS 0.7%CVE-2024-11699HIGHMemory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruptionEPSS 0.7%CVE-2024-44758CRITICALAn arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to EPSS 0.7%CVE-2023-25054CRITICALWordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Remote Code Execution (RCE)EPSS 0.7%CVE-2024-25918CRITICALWordPress InstaWP Connect plugin <= 0.1.0.8 - Remote Code Execution vulnerabilityEPSS 0.7%CVE-2025-10057HIGHWP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code InjectionEPSS 0.7%CVE-2026-39465CRITICALWordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerabilityEPSS 0.7%CVE-2026-30694CRITICALAn issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter componentEPSS 0.7%CVE-2026-23852MEDIUMSiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attributeEPSS 0.7%