Falhas do tipo CWE-94

3.767 resultados
CVE-2025-2421CRITICALRemote Code Execution in Profelis Informatics' SambaBoxEPSS 0.5%CVE-2026-27574CRITICALOneUptime: node:vm sandbox escape in probe allows any project member to achieve RCEEPSS 0.5%CVE-2026-42298CRITICALPostiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.devEPSS 0.5%CVE-2025-2169HIGHWPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2025-1119HIGHAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2023-39445Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execuEPSS 0.5%CVE-2025-8206LOWComodo Dragon IP DNS Leakage Detector cross site scriptingEPSS 0.5%CVE-2026-8429HIGHSPIP < 4.4.14 Remote Code Execution via Private SpaceEPSS 0.5%CVE-2025-4460MEDIUMTOTOLINK N150RT URL Filtering Page cross site scriptingEPSS 0.5%CVE-2026-10561CRITICALUnauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins InjectionEPSS 0.5%CVE-2024-13792HIGHWooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via idsEPSS 0.5%CVE-2024-13797HIGHPressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2024-24469HIGHCross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.EPSS 0.5%CVE-2024-13345HIGHAvada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2024-55918MEDIUMAn issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that EPSS 0.5%CVE-2023-41005An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UEPSS 0.5%CVE-2024-39002MEDIUMrjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackerEPSS 0.5%CVE-2026-44291HIGHprotobufjs: Code generation gadget after prototype pollutionEPSS 0.5%CVE-2026-34916HIGHA missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user tEPSS 0.5%CVE-2024-12503MEDIUMClassCMS Model Management Page admin cross site scriptingEPSS 0.5%