Weaknesses of type CWE-94
3,767 resultsCVE-2023-31414HIGHKibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuratEPSS 0.6%CVE-2026-41138HIGHFlowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas.EPSS 0.6%CVE-2025-37105HIGHAn hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.EPSS 0.6%CVE-2025-33042HIGHApache Avro Java SDK: Code injection on Java generated codeEPSS 0.6%CVE-2024-9154HIGHAuthenticated Remote Code ExecutionEPSS 0.6%CVE-2024-51298CRITICALIn Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doEPSS 0.6%CVE-2024-7520HIGHA type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects FireEPSS 0.6%CVE-2024-40446CRITICALAn issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted scriptEPSS 0.6%CVE-2023-26324HIGHGetApps application has code execution vulnerabilityEPSS 0.6%CVE-2026-14439CRITICALPath Traversal in Altium Git Service Allows Remote Code ExecutionEPSS 0.6%CVE-2026-25227CRITICALauthentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test EndpointEPSS 0.6%CVE-2025-55204HIGHmuffon has One-click Remote Code Execution via XSS and Custom URL HandlingEPSS 0.6%CVE-2025-61927HIGHHappy-DOM has VM Context EscapeEPSS 0.6%CVE-2025-50739CRITICALiib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization.EPSS 0.6%CVE-2025-66448HIGHvLLM vulnerable to remote code execution via transformers_utils/get_configEPSS 0.6%CVE-2026-2296HIGHProduct Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' ParameterEPSS 0.6%CVE-2023-1049HIGH
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
could cause execution of malicious code when EPSS 0.6%CVE-2026-3132HIGHMaster Addons for Elementor Premium <= 2.1.3 - Authenticated (Subscriber+) Remote Code Execution via render_previewEPSS 0.6%CVE-2026-27495CRITICALn8n has a Sandbox Escape in its JavaScript Task RunnerEPSS 0.6%CVE-2025-3164MEDIUMTencent Music Entertainment SuperSonic H2 Database Connection testConnect code injectionEPSS 0.6%