Weaknesses of type CWE-74
4,124 results

CVE-2013-2251 | CRITICAL | Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, | EPSS 100.0% | KEV
CVE-2023-22527 | CRITICAL | A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE | EPSS 100.0% | KEV
CVE-2022-46169 | CRITICAL | Unauthenticated Command Injection | EPSS 99.8% | KEV
CVE-2022-35914 | CRITICAL | /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. | EPSS 99.5% | KEV
CVE-2019-17558 | HIGH | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can | EPSS 98.6% | KEV
CVE-2021-44832 | MEDIUM | Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration | EPSS 97.9%
CVE-2022-43769 | HIGH | Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | EPSS 97.7% | KEV
CVE-2024-10914 | CRITICAL | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | EPSS 97.4%
CVE-2025-20281 | CRITICAL | Cisco ISE API Unauthenticated Remote Code Execution Vulnerability | EPSS 96.7% | KEV
CVE-2023-37462 | CRITICAL | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui | EPSS 91.3%
CVE-2020-17496 | CRITICAL | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel | EPSS 87.7% | KEV
CVE-2022-2992 | CRITICAL | A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated us | EPSS 86.2%
CVE-2019-11581 | CRITICAL | There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail a | EPSS 84.6% | KEV
CVE-2022-27924 | HIGH | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted insta | EPSS 84.6% | KEV
CVE-2021-38294 | — | Shell Command Injection Vulnerability in Nimbus Thrift Server | EPSS 84.5%
CVE-2023-36469 | CRITICAL | Code injection through NotificationRSSService in XWiki Platform | EPSS 82.7%
CVE-2024-10915 | CRITICAL | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | EPSS 79.1%
CVE-2023-29525 | CRITICAL | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform | EPSS 77.8%
CVE-2023-22621 | CRITICAL | Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the serve | EPSS 76.8%
CVE-2024-22319 | HIGH | IBM Operational Decision Manager JDNI injection | EPSS 76.4%