Falhas do tipo CWE-94

3.766 resultados
CVE-2024-55529CRITICALZ-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.EPSS 0.6%CVE-2024-1705MEDIUMShopwind Installation DefaultController.php actionCreate code injectionEPSS 0.6%CVE-2024-9324MEDIUMIntelbras InControl Relatório de Operadores Page operador code injectionEPSS 0.6%CVE-2025-30580CRITICALWordPress DigiWidgets Image Editor plugin <= 1.10 - Remote Code Execution (RCE) VulnerabilityEPSS 0.6%CVE-2026-7841HIGHGV-ASWeb Remote Code Execution (RCE) vulnerabilityEPSS 0.6%CVE-2024-6947MEDIUMFlute CMS Notification ContentParser.php replaceContent code injectionEPSS 0.6%CVE-2024-54724CRITICALPHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.EPSS 0.6%CVE-2023-26060MEDIUMAn issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that hEPSS 0.6%CVE-2024-7345HIGHDirect local client connections to MS Agents can bypass authenticationEPSS 0.6%CVE-2026-31379MEDIUMApache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog ManagerEPSS 0.6%CVE-2026-22686CRITICALSandbox Escape via Host Error Prototype Chain in enclave-vmEPSS 0.6%CVE-2026-41512CRITICALRemote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`EPSS 0.6%CVE-2023-39157CRITICALWordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE)EPSS 0.6%CVE-2024-9837HIGHAADMY – Add Auto Date Month Year Into Posts <= 2.0.1 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.6%CVE-2025-1011CRITICALA bug in WebAssembly code generation could result in a crashEPSS 0.6%CVE-2023-46623CRITICALWordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE)EPSS 0.6%CVE-2024-10899HIGHWooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site ScriptingEPSS 0.6%CVE-2025-1510HIGHCustom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.6%CVE-2024-13929HIGHAuthenticated Servlet Command InjectionEPSS 0.6%CVE-2026-0969HIGHArbitrary code execution in React server-side rendering of untrusted MDX contentEPSS 0.6%