Falhas do tipo CWE-94

3.767 resultados
CVE-2026-46586HIGHApache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code ExecutionEPSS 0.5%CVE-2024-41712MEDIUMA vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a commaEPSS 0.5%CVE-2024-13495HIGHGamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs FunctionEPSS 0.5%CVE-2025-56399HIGHalexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted fiEPSS 0.5%CVE-2024-9639HIGHAuthenticated Remote Code ExecutionEPSS 0.5%CVE-2024-55504MEDIUMAn issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote coEPSS 0.5%CVE-2024-36075MEDIUMThe CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due tEPSS 0.5%CVE-2025-1978HIGHRemote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance consoleEPSS 0.5%CVE-2026-26954CRITICALSandboxJS has a Sandbox EscapeEPSS 0.5%CVE-2023-5226MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.5%CVE-2016-10072MEDIUMWampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authoEPSS 0.5%CVE-2026-42588HIGHApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnectorEPSS 0.5%CVE-2026-22869HIGHEigent Allows Arbitrary Code Execution via pull_request_target CI WorkflowEPSS 0.5%CVE-2026-44887CRITICALUnauthenticated RCE via Python Config File Injection in SaveConfigFile() (Path)EPSS 0.5%CVE-2025-3114CRITICALSpotfire Code Execution VulnerabilityEPSS 0.5%CVE-2025-3563MEDIUMWuzhiCMS Setting index.php set code injectionEPSS 0.5%CVE-2024-9846HIGHEnable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2026-25153HIGH@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooksEPSS 0.5%CVE-2026-40783CRITICALWordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerabilityEPSS 0.5%CVE-2025-14509HIGHLucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional TagsEPSS 0.5%