Weaknesses of type CWE-94

3,777 results
CVE | Severity | Title | EPSS
CVE-2026-41149 | MEDIUM | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection | EPSS 0.4%
CVE-2026-26056 | HIGH | Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC | EPSS 0.4%
CVE-2025-0220 | MEDIUM | Trimble SPS851 Ethernet Configuration Menu cross site scripting | EPSS 0.4%
CVE-2025-48123 | CRITICAL | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Remote Code Execution (RCE) Vulnerability | EPSS 0.4%
CVE-2024-6936 | MEDIUM | formtools.org Form Tools Setting code injection | EPSS 0.4%
CVE-2025-0301 | MEDIUM | code-projects Online Book Shop subcat.php cross site scripting | EPSS 0.4%
CVE-2025-59302 | MEDIUM | Apache CloudStack: Potential remote code execution on Javascript engine defined rules | EPSS 0.4%
CVE-2024-12846 | MEDIUM | Emlog Pro link.php cross site scripting | EPSS 0.4%
CVE-2026-41159 | MEDIUM | Mermaid: Improper sanitization of configuration leads to CSS injection | EPSS 0.4%
CVE-2026-3054 | MEDIUM | Alinto SOGo cross site scripting | EPSS 0.4%
CVE-2024-12536 | MEDIUM | SourceCodester Kortex Lite Advocate Office Management System client_data.php cross site scripting | EPSS 0.4%
CVE-2026-32414 | HIGH | WordPress Advanced Woo Labels plugin <= 2.36 - Remote Code Execution (RCE) vulnerability | EPSS 0.4%
CVE-2021-22282 | HIGH | RCE in B&R Automation Studio with crafted project files | EPSS 0.4%
CVE-2025-10394 | MEDIUM | fcba_zzm ics-park Smart Park Management System Scheduled Task JobController.java code injection | EPSS 0.4%
CVE-2026-32367 | CRITICAL | WordPress Modal Dialog plugin <= 3.5.16 - Remote Code Execution (RCE) vulnerability | EPSS 0.4%
CVE-2026-27436 | CRITICAL | WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability | EPSS 0.4%
CVE-2025-0397 | MEDIUM | reckcn SPPanAdmin edit cross site scripting | EPSS 0.4%
CVE-2025-8535 | MEDIUM | cronoh NanoVault xrb URL main.js executeJavaScript cross site scripting | EPSS 0.4%
CVE-2025-4939 | MEDIUM | PHPGurukul Credit Card Application Management System new-ccapplication.php cross site scripting | EPSS 0.4%
CVE-2024-46961 | HIGH | The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to ex | EPSS 0.4%