Fallos del tipo CWE-94

3802 resultados
CVE-2025-15249MEDIUMzhujunliang3 work_platform Content cross site scriptingEPSS 0.2%CVE-2026-55441HIGHmise: Arbitrary command execution via task-include files in an untrusted, config-less repositoryEPSS 0.2%CVE-2026-35093HIGHLibinput: libinput: unauthorized code execution and information disclosure through lua bytecode pluginsEPSS 0.2%CVE-2026-26682HIGHAn issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java componentEPSS 0.2%CVE-2025-4767MEDIUMdefog-ai introspect Test Endpoint integration_routes.py test_custom_tool code injectionEPSS 0.2%CVE-2026-35255MEDIUMVulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions tEPSS 0.2%CVE-2023-28796HIGHIPC Bypass Through PLT Section in ELFEPSS 0.2%CVE-2026-7580MEDIUMExiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injectionEPSS 0.2%CVE-2025-62348HIGHSalt junos module uses an unsafe YAML loader which may allow unintended code executionEPSS 0.2%CVE-2025-12843MEDIUMCode Injection in Wave Term v0.12.2 allowing TCC BypassEPSS 0.2%CVE-2026-10688MEDIUMahujasid blender-mcp server.py execute_blender_code code injectionEPSS 0.2%CVE-2024-39289HIGHUnsafe use of eval() method in rosparam toolEPSS 0.2%CVE-2025-24959LOWEnvironment Variable Injection for dotenv API in zxEPSS 0.2%CVE-2025-33204HIGHNVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker EPSS 0.2%CVE-2026-1146MEDIUMSourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_register_patient.php cross site scriptingEPSS 0.2%CVE-2025-12669MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.2%CVE-2025-33236HIGHNVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit EPSS 0.2%CVE-2026-24248HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exEPSS 0.2%CVE-2024-39835HIGHUnsafe use of eval() method in roslaunch toolEPSS 0.2%CVE-2025-27998HIGHAn issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.EPSS 0.2%