Falhas do tipo CWE-94

3.767 resultados
CVE-2024-23278HIGHThe issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14EPSS 0.5%CVE-2026-58116CRITICALLLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model PathEPSS 0.5%CVE-2026-27952HIGHAgenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)EPSS 0.5%CVE-2023-41984The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS MEPSS 0.5%CVE-2025-0844MEDIUMneedyamin Library Card System Registration Page signup.php cross site scriptingEPSS 0.5%CVE-2024-12979MEDIUMcode-projects Job Recruitment _all_edits.php cn_update cross site scriptingEPSS 0.5%CVE-2026-29103CRITICALSuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner BypassEPSS 0.5%CVE-2023-3401MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.5%CVE-2024-12980MEDIUMcode-projects Job Recruitment _all_edits.php fln_update cross site scriptingEPSS 0.5%CVE-2026-35086MEDIUMApache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email servicesEPSS 0.5%CVE-2025-41717HIGHConfig-Upload Code InjectionEPSS 0.5%CVE-2025-1465LOWlmxcms Maintenance db.inc.php code injectionEPSS 0.5%CVE-2024-11733HIGHWordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2025-58372HIGHRoo Code: Potential Remote Code Execution via .code-workspaceEPSS 0.5%CVE-2026-44495HIGHAxios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config MergeEPSS 0.5%CVE-2023-5512MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.5%CVE-2025-56588HIGHDolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the cEPSS 0.5%CVE-2026-56382HIGHCraft CMS - Remote Code Execution via Missing Config Sanitization in FieldsControllerEPSS 0.5%CVE-2024-10263HIGHTickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2024-23921HIGHChargePoint Home Flex Command InjectionEPSS 0.5%