Falhas do tipo CWE-94
3.778 resultadosCVE-2026-45714CRITICALCubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCEEPSS 0.4%CVE-2024-31396MEDIUMCode injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3EPSS 0.4%CVE-2025-43010HIGHCode injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))EPSS 0.4%CVE-2025-0458MEDIUMVirtual Computer Vysual RH Solution Login Panel index.php cross site scriptingEPSS 0.4%CVE-2026-25470CRITICALWordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerabilityEPSS 0.4%CVE-2024-12665MEDIUMruifang-tech Rebuild Task Comment Attachment Upload cross site scriptingEPSS 0.4%CVE-2024-12995MEDIUMruifang-tech Rebuild Project Tasks Section tasks cross site scriptingEPSS 0.4%CVE-2025-15148MEDIUMCmsEasy Backend Template Management template_admin.php savetemp_action code injectionEPSS 0.4%CVE-2024-25077CRITICALAn issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flaEPSS 0.4%CVE-2024-11240MEDIUMIBPhoenix ibWebAdmin Banco de Dados Tab database.php cross site scriptingEPSS 0.4%CVE-2025-10794MEDIUMPHPGurukul Car Rental Project search.php cross site scriptingEPSS 0.4%CVE-2026-10904HIGHInappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandEPSS 0.4%CVE-2026-10928HIGHScript injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML EPSS 0.4%CVE-2026-40316HIGHOWASP BLT has RCE in Github Actions via untrusted Django model execution in workflowEPSS 0.4%CVE-2025-0800MEDIUMSourceCodester Online Courseware Edit Teacher saveeditt.php cross site scriptingEPSS 0.4%CVE-2024-13142MEDIUMZeroWdd studentmanager RoleController. java submitAddRole cross site scriptingEPSS 0.4%CVE-2025-61136HIGHA Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct passwEPSS 0.4%CVE-2025-8878MEDIUMPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2026-25879CRITICALLangroid has Prompt to SQL Injection, Leading to RCEEPSS 0.4%CVE-2026-0498CRITICALCode Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)EPSS 0.4%