Fallos del tipo CWE-94

3766 resultados
CVE-2024-13499HIGHGamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() FunctionEPSS 0.6%CVE-2024-10262MEDIUMDrop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.6%CVE-2024-36598HIGHAn arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file.EPSS 0.6%CVE-2026-6169HIGHaffiliate-toolkit <= 3.8.5 - Authenticated (Editor+) Remote Code ExecutionEPSS 0.6%CVE-2005-1876MEDIUMDirect code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrarEPSS 0.6%CVE-2025-11539CRITICALArbitrary Code Execution in Grafana Image Renderer PluginEPSS 0.6%CVE-2025-54550HIGHApache Airflow: RCE by race condition in example_xcom dagEPSS 0.6%CVE-2023-51420CRITICALWordPress Verge3D Plugin <= 4.5.2 is vulnerable to Remote Code Execution (RCE)EPSS 0.6%CVE-2024-48700HIGHKliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_EPSS 0.6%CVE-2025-65719CRITICALAn issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a EPSS 0.6%CVE-2022-30580HIGHEmpty Cmd.Path can trigger unintended binary in os/exec on WindowsEPSS 0.6%CVE-2024-9839HIGHUix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.6%CVE-2026-45505HIGHApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper BypassEPSS 0.6%CVE-2026-41139HIGHUnsafe array index getter in mathjsEPSS 0.6%CVE-2023-43301An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel acEPSS 0.6%CVE-2023-45751CRITICALWordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)EPSS 0.6%CVE-2026-42555CRITICALValtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin usersEPSS 0.6%CVE-2023-25953CRITICALCode injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where theEPSS 0.6%CVE-2026-42288CRITICALChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORDEPSS 0.6%CVE-2018-25320CRITICALACL Analytics 11.x - 13.0.0.579 Arbitrary Code ExecutionEPSS 0.6%