Weaknesses of type CWE-94
3,719 resultsCVE-2022-34715CRITICALWindows Network File System Remote Code Execution VulnerabilityEPSS 80.1%CVE-2022-4223HIGHThe pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities sucEPSS 79.9%CVE-2013-4810CRITICALHP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remEPSS 79.0%KEVCVE-2023-50721CRITICALXWiki Platform RCE from account through SearchAdminEPSS 78.8%CVE-2021-29505HIGHXStream is vulnerable to a Remote Command Execution attackEPSS 77.7%CVE-2022-24734HIGHRemote code execution in mybbEPSS 77.7%CVE-2018-1270—Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose EPSS 77.2%CVE-2022-45699CRITICALCommand injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrEPSS 76.6%CVE-2022-36099CRITICALXWiki Platform Wiki UI Main Wiki Eval Injection vulnerabilityEPSS 75.9%CVE-2023-48085CRITICALNagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.EPSS 75.8%CVE-2025-6204HIGHImproper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025EPSS 75.3%KEVCVE-2012-0391CRITICALThe ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception haEPSS 75.1%KEVCVE-2022-23642HIGHCode Injection in SourcegraphEPSS 74.3%CVE-2018-14667CRITICALThe RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unautEPSS 74.2%KEVCVE-2022-36100CRITICALXWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval InjectionEPSS 73.6%CVE-2025-13486CRITICALAdvanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_formEPSS 73.6%CVE-2021-21345MEDIUMXStream is vulnerable to a Remote Command Execution attackEPSS 73.0%CVE-2012-1535HIGHUnspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote aEPSS 70.4%KEVCVE-2009-0556HIGHMicrosoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to exEPSS 67.5%KEVCVE-2019-8900MEDIUMA vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon EPSS 67.1%