Weaknesses of type CWE-94

3,793 results
CVE-2026-4169MEDIUMTecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scriptingEPSS 0.2%CVE-2026-8255MEDIUMDevs Palace ERP Online add_new_customer cross site scriptingEPSS 0.2%CVE-2026-8256MEDIUMDevs Palace ERP Online mr-save cross site scriptingEPSS 0.2%CVE-2022-22270MEDIUMAn implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact infoEPSS 0.2%CVE-2026-3403MEDIUMPHPGurukul Student Record Management System edit-subject.php cross site scriptingEPSS 0.2%CVE-2026-3402MEDIUMPHPGurukul Student Record Management System edit-course.php cross site scriptingEPSS 0.2%CVE-2026-4972MEDIUMcode-projects Online Reviewer System btn_functions.php cross site scriptingEPSS 0.2%CVE-2026-9377MEDIUMSourceCodester SUP Online Shopping productedit.php cross site scriptingEPSS 0.2%CVE-2026-8221MEDIUMDevs Palace ERP Online item-save cross site scriptingEPSS 0.2%CVE-2025-33240HIGHNVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successfEPSS 0.2%CVE-2026-52858HIGHVim: Arbitrary Code Execution via Python Omni-CompletionEPSS 0.2%CVE-2025-15146MEDIUMSohuTV CacheCloud UserManageController.java doUserList cross site scriptingEPSS 0.2%CVE-2025-15174MEDIUMSohuTV CacheCloud AppManageController.java doAppAuditList cross site scriptingEPSS 0.2%CVE-2026-24764LOWOpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel DescriptionsEPSS 0.2%CVE-2025-15172MEDIUMSohuTV CacheCloud RedisConfigTemplateController.java preview cross site scriptingEPSS 0.2%CVE-2025-13450MEDIUMSourceCodester Online Shop Project register.php cross site scriptingEPSS 0.2%CVE-2025-14991MEDIUMCampcodes Complete Online Beauty Parlor Management System bwdates-reports-details.php cross site scriptingEPSS 0.2%CVE-2026-11218MEDIUMInappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convincEPSS 0.2%CVE-2025-15173MEDIUMSohuTV CacheCloud InstanceController.java advancedAnalysis cross site scriptingEPSS 0.2%CVE-2024-13420MEDIUMSmart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings UpdatesEPSS 0.2%