Weaknesses of type CWE-94

3,777 results
CVE-2026-38431CRITICALERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email temEPSS 0.4%CVE-2023-6601MEDIUMFfmpeg: hls unsafe file extension bypass in ffmpegEPSS 0.4%CVE-2024-47879HIGHOpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)EPSS 0.4%CVE-2024-13202MEDIUMwander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scriptingEPSS 0.4%CVE-2024-12930MEDIUMcode-projects Simple Admin Panel addCatController.php cross site scriptingEPSS 0.4%CVE-2025-4862MEDIUMPHPGurukul Directory Management System searchdata.php cross site scriptingEPSS 0.4%CVE-2024-12932MEDIUMcode-projects Simple Admin Panel addSizeController.php cross site scriptingEPSS 0.4%CVE-2024-12933MEDIUMcode-projects Simple Admin Panel updateItemController.php cross site scriptingEPSS 0.4%CVE-2026-11518MEDIUMSourceCodester Inventory System User Management users.php cross site scriptingEPSS 0.4%CVE-2026-5739MEDIUMPowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injectionEPSS 0.4%CVE-2024-12842MEDIUMEmlog Pro user.php cross site scriptingEPSS 0.4%CVE-2026-32719MEDIUMAnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin ImportEPSS 0.4%CVE-2026-5970MEDIUMFoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injectionEPSS 0.4%CVE-2026-5971MEDIUMFoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injectionEPSS 0.4%CVE-2026-30887CRITICALOneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCEEPSS 0.4%CVE-2026-22314CRITICALImproper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server ComEPSS 0.4%CVE-2025-14729MEDIUMCTCMS Content Management System Backend App Configuration Ct_App.php save code injectionEPSS 0.4%CVE-2025-8367MEDIUMPortabilis i-Educar funcionario_vinculo_lst.php cross site scriptingEPSS 0.4%CVE-2025-0576MEDIUMMobotix M15 player cross site scriptingEPSS 0.4%CVE-2025-14837MEDIUMZZCMS Backend Website Settings siteconfig.php stripfxg code injectionEPSS 0.4%