Weaknesses of type CWE-94

3,774 results
CVE-2025-54417 | MEDIUM | Craft contains a theoretical bypass for CVE-2025-23209 | EPSS 0.5%
CVE-2026-8855 | HIGH | IBM HTTP Server is affected by multiple vulnerabilities | EPSS 0.5%
CVE-2025-1782 | CRITICAL | Unsanitized input in language form field | EPSS 0.5%
CVE-2024-11677 | MEDIUM | CodeAstro Hospital Management System Add Vendor Details Page his_admin_add_vendor.php cross site scripting | EPSS 0.5%
CVE-2024-11247 | MEDIUM | SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting | EPSS 0.5%
CVE-2026-12866 | CRITICAL | All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScr | EPSS 0.5%
CVE-2024-11676 | MEDIUM | CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting | EPSS 0.5%
CVE-2025-2805 | HIGH | ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution | EPSS 0.5%
CVE-2025-8340 | MEDIUM | code-projects Intern Membership Management System Error Message fill_details.php cross site scripting | EPSS 0.5%
CVE-2025-2809 | HIGH | azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution | EPSS 0.5%
CVE-2025-26936 | CRITICAL | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerability | EPSS 0.5%
CVE-2023-27770 | HIGH | An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max | EPSS 0.5%
CVE-2024-9050 | HIGH | Networkmanager-libreswan: local privilege escalation via leftupdown | EPSS 0.5%
CVE-2024-39148 | HIGH | The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to e | EPSS 0.5%
CVE-2025-71058 | CRITICAL | Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate | EPSS 0.5%
CVE-2022-46070 | HIGH | GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. | EPSS 0.5%
CVE-2024-8760 | MEDIUM | Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection | EPSS 0.5%
CVE-2025-2061 | MEDIUM | code-projects Online Ticket Reservation System passenger.php cross site scripting | EPSS 0.5%
CVE-2025-67164 | CRITICAL | An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute ar | EPSS 0.4%
CVE-2026-44959 | HIGH | A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could | EPSS 0.4%