Fallos del tipo CWE-94
3759 resultadosCVE-2026-0761CRITICALFoundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution VulnerabilityEPSS 1.1%CVE-2026-1615CRITICALVersions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path exEPSS 1.0%CVE-2023-51015—TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface oEPSS 1.0%CVE-2023-51026—TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootSEPSS 1.0%CVE-2023-51018CRITICALTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiAEPSS 1.0%CVE-2024-42936CRITICALThe mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modifiEPSS 1.0%CVE-2021-33949CRITICALAn issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.EPSS 1.0%CVE-2022-24817CRITICALImproper kubeconfig validation allows arbitrary code executionEPSS 1.0%CVE-2023-47257HIGHConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.EPSS 1.0%CVE-2023-49391HIGHAn issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AEPSS 1.0%CVE-2023-24795—Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.EPSS 1.0%CVE-2024-50660CRITICALFile Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionalityEPSS 1.0%CVE-2023-33570—Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).EPSS 1.0%CVE-2023-24539HIGHImproper sanitization of CSS values in html/templateEPSS 1.0%CVE-2024-49362HIGHRemote Code Execution on click of <a> Link in markdown previewEPSS 1.0%CVE-2023-29400HIGHImproper handling of empty HTML attributes in html/templateEPSS 1.0%CVE-2023-3393HIGHCode Injection in fossbilling/fossbillingEPSS 1.0%CVE-2024-3734MEDIUMFOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 1.0%CVE-2024-22632CRITICALSetor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability vEPSS 1.0%CVE-2023-35853—In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6EPSS 1.0%