Weaknesses of type CWE-94

3,781 results
CVE-2025-5516MEDIUMTOTOLINK X2000R URL Filtering Page formFilter cross site scriptingEPSS 0.3%CVE-2025-7856MEDIUMPHPGurukul Apartment Visitors Management System HTTP POST Request pass-details.php cross site scriptingEPSS 0.3%CVE-2026-2154MEDIUMSourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System Patient Registration registration.php cross site scriptingEPSS 0.3%CVE-2025-0578MEDIUMFacile Sistemas Cloud Apps Password Reset forgotpassword cross site scriptingEPSS 0.3%CVE-2025-7817MEDIUMPHPGurukul Apartment Visitors Management System HTTP POST Request bwdates-reports.php cross site scriptingEPSS 0.3%CVE-2025-9681MEDIUMO2OA Personal Profile agent cross site scriptingEPSS 0.3%CVE-2025-7818MEDIUMPHPGurukul Apartment Visitors Management System HTTP POST Request category.php cross site scriptingEPSS 0.3%CVE-2025-0219MEDIUMTrimble SPS851 Receiver Status Identity Tab cross site scriptingEPSS 0.3%CVE-2025-2645MEDIUMPHPGurukul Art Gallery Management System product.php cross site scriptingEPSS 0.3%CVE-2025-47481MEDIUMWordPress GS Testimonial Slider plugin <= 3.2.9 - Content Injection vulnerabilityEPSS 0.3%CVE-2024-30961HIGHInsecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allowEPSS 0.3%CVE-2026-32573CRITICALWordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerabilityEPSS 0.3%CVE-2025-47562MEDIUMWordPress MapSVG plugin <= 8.5.34 - Content Injection VulnerabilityEPSS 0.3%CVE-2026-27044CRITICALWordPress Total Poll Lite plugin <= 4.12.0 - Remote Code Execution (RCE) vulnerabilityEPSS 0.3%CVE-2025-3788MEDIUMbaseweb JSite save cross site scriptingEPSS 0.3%CVE-2026-55388HIGHpiscina: Prototype Pollution Gadget → RCE via inherited options.filenameEPSS 0.3%CVE-2023-42404MEDIUMOneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.EPSS 0.3%CVE-2026-3951MEDIUMLockerProject Locker Error Response registry.js authIsAwesome cross site scriptingEPSS 0.3%CVE-2025-3789MEDIUMbaseweb JSite save cross site scriptingEPSS 0.3%CVE-2026-9976HIGHInappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a craftEPSS 0.3%