Fallos del tipo CWE-94
3774 resultadosCVE-2026-42090CRITICALNotesnook: RCE via stored XSS in note export renderingEPSS 0.5%CVE-2026-28505HIGHTautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist checkEPSS 0.5%CVE-2026-50880CRITICALAn issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crEPSS 0.5%CVE-2024-31648MEDIUMCross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a craftEPSS 0.5%CVE-2026-45583HIGHMicrosoft Exchange Server Remote Code Execution VulnerabilityEPSS 0.5%CVE-2019-3695HIGHpcp: Local privilege escalation from user pcp to rootEPSS 0.5%CVE-2026-45697CRITICALFormie: Pre-authenticated server-side template injection in Hidden fieldsEPSS 0.5%CVE-2023-24333HIGHA stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary comEPSS 0.5%CVE-2024-46639HIGHA cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payloEPSS 0.5%CVE-2026-25856HIGHOpenBullet2 0.3.2 Authenticated RCE via Job Configuration InterfaceEPSS 0.5%CVE-2026-41486HIGHRay: Remote Code Execution via Parquet Arrow Extension Type DeserializationEPSS 0.5%CVE-2024-38990MEDIUMTada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to EPSS 0.5%CVE-2026-23742HIGHSkipper arbitrary code execution through lua filtersEPSS 0.5%CVE-2024-56327HIGHMalicious plugin names, recipients, or identities can cause arbitrary binary execution in pyrageEPSS 0.5%CVE-2025-1742MEDIUMpihome-shc PiHome home.php cross site scriptingEPSS 0.5%CVE-2026-53576CRITICALKestra: Unauthenticated RCE via /configs path-suffix auth-filter bypassEPSS 0.5%CVE-2024-34405CRITICALImproper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL EPSS 0.5%CVE-2024-11678MEDIUMCodeAstro Hospital Management System his_doc_register_patient.php cross site scriptingEPSS 0.5%CVE-2025-30085CRITICALExtension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for JoomlaEPSS 0.5%CVE-2023-27986HIGHemacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescapedEPSS 0.5%