Weaknesses of type CWE-94
3,766 resultsCVE-2026-10109CRITICALIBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handlingEPSS 0.9%CVE-2022-43279HIGHLimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.phEPSS 0.9%CVE-2023-31447—user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payEPSS 0.9%CVE-2024-4889HIGHCode Injection in berriai/litellmEPSS 0.9%CVE-2021-37774HIGHAn issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.EPSS 0.9%CVE-2023-53883HIGHWebedition CMS v2.9.8.8 Remote Code Execution via PHP Page CreationEPSS 0.9%CVE-2025-42967CRITICALCode Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)EPSS 0.9%CVE-2022-41264HIGHDue to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 7EPSS 0.9%CVE-2025-34128HIGHX360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()EPSS 0.9%CVE-2024-38651HIGHA code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code executiEPSS 0.9%CVE-2024-39715HIGHA code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPCEPSS 0.9%CVE-2026-5760CRITICALCVE-2026-5760EPSS 0.9%CVE-2024-7559HIGHFile Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.9%CVE-2025-13780CRITICALRemote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)EPSS 0.9%CVE-2023-6886MEDIUMxnx3 wangmarket Role Management Page code injectionEPSS 0.9%CVE-2024-4662HIGHOxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code ExecutionEPSS 0.9%CVE-2026-8633CRITICALIBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using when using Web Server Plug-insEPSS 0.8%CVE-2012-10032HIGHMaxthon3 about:history XCS Trusted Zone Code ExecutionEPSS 0.8%CVE-2025-9519HIGHEasy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via ShortcodeEPSS 0.8%CVE-2025-65294CRITICALAqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechaniEPSS 0.8%