Fallos del tipo CWE-94

3777 resultados
CVE-2025-47588CRITICALWordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.9 - Arbitrary Code Execution vulnerabilityEPSS 0.4%CVE-2024-45390HIGH@blakeembrey/template vulnerable to code injection when attacker controls template inputEPSS 0.4%CVE-2025-2714MEDIUMJoomlaUX JUX Real Estate addagent cross site scriptingEPSS 0.4%CVE-2024-1706MEDIUMZKTeco ZKBio Access IVS Department Name Search Bar cross site scriptingEPSS 0.4%CVE-2024-36531MEDIUMnukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.EPSS 0.4%CVE-2025-61588CRITICALrisc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`EPSS 0.4%CVE-2025-54594CRITICALreact-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltrationEPSS 0.4%CVE-2023-1367MEDIUM Code Injection in alextselegidis/easyappointmentsEPSS 0.4%CVE-2023-6691HIGHCode Injection vulnerability in Cambium ePMP Force 300-25EPSS 0.4%CVE-2023-6604MEDIUMFfmpeg: hls xbin demuxer dos amplification in ffmpegEPSS 0.4%CVE-2025-61929CRITICALCherry Studio allows one-click on a specific URL to cause a command to executeEPSS 0.4%CVE-2022-23465HIGHSwiftTerm vulnerable to arbitrary command executionEPSS 0.4%CVE-2025-7885MEDIUMHuashengdun WebSSH Login Page cross site scriptingEPSS 0.4%CVE-2025-67035CRITICALAn issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilEPSS 0.4%CVE-2025-11093HIGHArbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)EPSS 0.4%CVE-2024-34761HIGHWordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerabilityEPSS 0.4%CVE-2025-10487HIGHAdvanced Ads <= 2.0.12 - Unauthenticated Limited Code ExecutionEPSS 0.4%CVE-2024-6006MEDIUMZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scriptingEPSS 0.4%CVE-2026-28425HIGHStatamic vulnerable to remote code execution via Antlers-enabled control panel inputsEPSS 0.4%CVE-2026-33310HIGHIntake has a Command Injection via shell() Expansion in Parameter DefaultsEPSS 0.4%