Fallos del tipo CWE-94
3802 resultadosCVE-2026-1226HIGHCWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the apEPSS 0.1%CVE-2025-63421HIGHAn issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe fileEPSS 0.1%CVE-2026-42890MEDIUMactual Allows Electron to Run As NodeEPSS 0.1%CVE-2026-44728HIGHImproper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjsEPSS 0.1%CVE-2026-23733MEDIUMLobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE)EPSS 0.1%CVE-2026-28801MEDIUMNatro Macro: Code Injection through Pattern/Path filesEPSS 0.1%CVE-2021-25416—Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executabEPSS 0.1%CVE-2026-11157MEDIUMScript injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious exEPSS 0.1%CVE-2025-5101MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.1%CVE-2024-40671HIGHIn DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission cheEPSS 0.1%CVE-2021-25470HIGHAn improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.EPSS 0.1%CVE-2025-59042HIGHPyInstaller has local privilege escalation vulnerabilityEPSS 0.1%CVE-2026-45353CRITICALelecterm: Local code through electerm's single-instance socketEPSS 0.1%CVE-2026-31252MEDIUMCosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in EPSS 0.1%CVE-2022-33725MEDIUMA vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system priEPSS 0.1%CVE-2022-23426MEDIUMA vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system EPSS 0.1%CVE-2026-40602MEDIUMhass-cli: Handling of user-supplied Jinja2 templatesEPSS 0.1%CVE-2021-25411—Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-onEPSS 0.1%CVE-2022-33721MEDIUMA vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.EPSS 0.1%CVE-2026-61444CRITICALPraisonAI before 4.6.78 Code Injection via f-stringEPSS —