Fallos del tipo CWE-94

3802 resultados
CVE-2026-8021MEDIUMScript injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestuEPSS 0.2%CVE-2025-63693MEDIUMThe comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-controllable EPSS 0.2%CVE-2026-55895MEDIUMVim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filenameEPSS 0.2%CVE-2026-49241HIGHAngular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code ExtensionEPSS 0.2%CVE-2025-61982HIGHAn arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpEPSS 0.1%CVE-2025-55313HIGHAn issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary codEPSS 0.1%CVE-2021-25415Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memorEPSS 0.1%CVE-2026-46517HIGHLMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-outEPSS 0.1%CVE-2026-8795HIGHA YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostnamEPSS 0.1%CVE-2026-48124HIGHCursor Desktop sandbox escape via Claude hook configurationEPSS 0.1%CVE-2026-57456HIGHVim: Arbitrary Code Execution via Python Omni-Completion DocstringsEPSS 0.1%CVE-2026-0236HIGHPrisma Browser: Code Injection Enables Security Controls BypassEPSS 0.1%CVE-2026-41692MEDIUMi18nextify is vulnerable to DOM XSS via javascript:/data: URL schemes in translated href/src attributesEPSS 0.1%CVE-2026-45555HIGHRoslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code ExecutionEPSS 0.1%CVE-2026-46432HIGHLMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initializationEPSS 0.1%CVE-2021-25393MEDIUMImproper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access EPSS 0.1%CVE-2026-36365HIGHAn issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary EPSS 0.1%CVE-2026-44698HIGHHome Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injectionEPSS 0.1%CVE-2026-47167MEDIUMVim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regexEPSS 0.1%CVE-2026-59858HIGHVim: Arbitrary Code Execution via C Omni-CompletionEPSS 0.1%