Weaknesses of type CWE-94
3,776 resultsCVE-2026-1516MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.4%CVE-2026-28425HIGHStatamic vulnerable to remote code execution via Antlers-enabled control panel inputsEPSS 0.4%CVE-2025-10487HIGHAdvanced Ads <= 2.0.12 - Unauthenticated Limited Code ExecutionEPSS 0.4%CVE-2025-53928MEDIUMMaxKB has RCE in MCP callEPSS 0.4%CVE-2024-35581MEDIUMA cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scrEPSS 0.4%CVE-2026-54823CRITICALWordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerabilityEPSS 0.4%CVE-2026-31217CRITICALThe _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377fEPSS 0.4%CVE-2026-38992CRITICALCockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerabilityEPSS 0.4%CVE-2024-13069MEDIUMSourceCodester Multi Role Login System add-user.php cross site scriptingEPSS 0.4%CVE-2024-25706MEDIUMHTMLi at createFolder Content InjectionEPSS 0.4%CVE-2025-48169CRITICALWordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) VulnerabilityEPSS 0.4%CVE-2024-27627MEDIUMA reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaSEPSS 0.4%CVE-2026-2582MEDIUMGermanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2024-12000MEDIUMcode-projects Blood Bank System Setting updatesettings.php cross site scriptingEPSS 0.4%CVE-2024-12183MEDIUMDedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scriptingEPSS 0.4%CVE-2024-12001MEDIUMcode-projects Wazifa System Setting updatesettings.php cross site scriptingEPSS 0.4%CVE-2025-8848MEDIUMHTML Injection in Accept-Language Header in danny-avila/librechatEPSS 0.4%CVE-2025-33183HIGHNVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. AEPSS 0.4%CVE-2023-32418—The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. ProcesEPSS 0.4%CVE-2025-33184HIGHNVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. AEPSS 0.4%