CWE-94 vulnerabilities
3,766 results

CVE | Severity | Description | EPSS
CVE-2026-44336 | CRITICAL | PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection | EPSS 0.6%
CVE-2024-37743 | CRITICAL | An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component. | EPSS 0.6%
CVE-2024-41961 | CRITICAL | Elektra vulnerable to remote code execution in universal search | EPSS 0.6%
CVE-2024-11243 | MEDIUM | code-projects Online Shop Store signup.php cross site scripting | EPSS 0.6%
CVE-2025-37099 | CRITICAL | A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. | EPSS 0.6%
CVE-2025-25467 | CRITICAL | Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a | EPSS 0.6%
CVE-2023-6051 | MEDIUM | Improper Control of Generation of Code ('Code Injection') in GitLab | EPSS 0.6%
CVE-2025-35036 | MEDIUM | hibernate-validator insecure default Expression Language interpolation | EPSS 0.6%
CVE-2024-48962 | HIGH | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) | EPSS 0.6%
CVE-2025-26003 | CRITICAL | Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with set | EPSS 0.6%
CVE-2024-3995 | LOW | Command Injection in Helix ALM | EPSS 0.6%
CVE-2025-70995 | HIGH | An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper v | EPSS 0.6%
CVE-2024-3788 | MEDIUM | Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback | EPSS 0.6%
CVE-2021-22117 | — | RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with suffi | EPSS 0.6%
CVE-2024-21737 | HIGH | Code Injection vulnerability in SAP Application Interface Framework (File Adapter) | EPSS 0.6%
CVE-2025-3115 | CRITICAL | Spotfire Data Function Vulnerability | EPSS 0.6%
CVE-2024-50808 | HIGH | SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, | EPSS 0.6%
CVE-2023-41783 | MEDIUM | Command Injection Vulnerability of ZTE's ZXCLOUD iRAI | EPSS 0.6%
CVE-2024-3787 | MEDIUM | Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback | EPSS 0.6%
CVE-2024-53561 | HIGH | A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a | EPSS 0.6%