Weaknesses of type CWE-94

3,785 results
CVE-2025-8553MEDIUMatjiu pybbs list cross site scriptingEPSS 0.3%CVE-2026-11778MEDIUMCURCY <= 2.2.14 - Unauthenticated Arbitrary Shortcode Execution via 'exchange' ParameterEPSS 0.3%CVE-2025-2976MEDIUMGFI KerioConnect File Upload cross site scriptingEPSS 0.3%CVE-2025-8554MEDIUMatjiu pybbs list cross site scriptingEPSS 0.3%CVE-2026-40129MEDIUMCode Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP PlatformEPSS 0.3%CVE-2025-8552MEDIUMatjiu pybbs list cross site scriptingEPSS 0.3%CVE-2025-8750MEDIUMmacrozheng mall Add Product Page upload cross site scriptingEPSS 0.3%CVE-2026-7501MEDIUMLinkStackOrg LinkStack UserController.php editPage cross site scriptingEPSS 0.3%CVE-2023-32383HIGHThis issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.EPSS 0.3%CVE-2026-4175MEDIUMAureus ERP Chatter Message content-text-entry.blade.php cross site scriptingEPSS 0.3%CVE-2026-4004MEDIUMTask Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'task_id' ParameterEPSS 0.3%CVE-2026-6633MEDIUMYifang CMS Extended Management L_rbac_admin.php store cross site scriptingEPSS 0.3%CVE-2026-5209MEDIUMSourceCodester Leave Application System User Management cross site scriptingEPSS 0.3%CVE-2026-8254MEDIUMDevs Palace ERP Online sales_save cross site scriptingEPSS 0.3%CVE-2025-52218HIGHSelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Injection. Improper sanitization of unspecifEPSS 0.3%CVE-2025-23361HIGHNVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause impropeEPSS 0.3%CVE-2026-7090MEDIUMcode-projects Chat System send_message.php cross site scriptingEPSS 0.3%CVE-2026-6592MEDIUMComfyUI userdata Endpoint user_manager.py getuserdata cross site scriptingEPSS 0.3%CVE-2025-31365MEDIUMAn Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2EPSS 0.3%CVE-2026-5568MEDIUMAkaunting Invoice/Billing cross site scriptingEPSS 0.3%