Fallos del tipo CWE-94

3802 resultados
CVE-2026-54074HIGH@tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labelsEPSS 0.2%CVE-2024-48829MEDIUMDell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerabiliEPSS 0.2%CVE-2026-3476HIGHCode Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026EPSS 0.2%CVE-2025-0664MEDIUMA locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrarEPSS 0.2%CVE-2026-27675LOWCode Injection vulnerability in SAP Landscape TransformationEPSS 0.2%CVE-2026-0414MEDIUMInsufficient Input Validation Allows Unauthorized Modification of Router Software in certain NETGEAR RoutersEPSS 0.2%CVE-2026-34725HIGHdbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configurationEPSS 0.2%CVE-2025-67750HIGHLightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion RuleEPSS 0.2%CVE-2023-53940HIGHCodigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown FileEPSS 0.2%CVE-2026-54057HIGHKitty vulnerable to command injection via unsanitized OSC 21 query replyEPSS 0.2%CVE-2026-42851HIGH@kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCEEPSS 0.2%CVE-2026-24249HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2023-41898HIGH Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for AndroidEPSS 0.2%CVE-2025-34114HIGHOpenBlow Missing Critical Security HeadersEPSS 0.2%CVE-2026-25797MEDIUMImageMagick vulnerable to Code injection via PostScript header in ps codersEPSS 0.2%CVE-2026-8539MEDIUMScript injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts oEPSS 0.2%CVE-2026-12252HIGHUntrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltkEPSS 0.2%CVE-2025-9120HIGHRCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.EPSS 0.2%CVE-2025-42895MEDIUMCode Injection vulnerability in SAP HANA JDBC ClientEPSS 0.2%CVE-2026-8021MEDIUMScript injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestuEPSS 0.2%