Falhas do tipo CWE-94

3.767 resultados
CVE-2025-26260HIGHPlenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as jEPSS 0.7%CVE-2021-47952CRITICALpython jsonpickle 2.0.0 Remote Code Execution via py/reprEPSS 0.7%CVE-2024-30868CRITICALnetentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.EPSS 0.7%CVE-2024-12900MEDIUMFoxCMS Configuration File installdb.php code injectionEPSS 0.7%CVE-2025-32798HIGHConda-build Allows Arbitrary Code Execution via Malicious Recipe SelectorsEPSS 0.7%CVE-2026-24747HIGHPyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint FilesEPSS 0.7%CVE-2025-57644CRITICALAccela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative useEPSS 0.7%CVE-2024-37899CRITICALDisabling a user account changes its author, allowing RCE from user account in XWikiEPSS 0.7%CVE-2025-67489CRITICAL@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development serverEPSS 0.7%CVE-2023-45560An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.EPSS 0.7%CVE-2025-45479CRITICALInsufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting EPSS 0.7%CVE-2026-40342CRITICALFirebird: Path Traversal + Arbitrary File Write Leads to Remote Code ExecutionEPSS 0.7%CVE-2026-33938HIGHHandlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-blockEPSS 0.7%CVE-2024-9006MEDIUMjeanmarc77 123solar config_invt1.php code injectionEPSS 0.7%CVE-2024-57099CRITICALClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameEPSS 0.7%CVE-2024-39015CRITICALcafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execEPSS 0.7%CVE-2025-5127MEDIUMTeledyne FLIR AX8 prod.php cross site scriptingEPSS 0.7%CVE-2024-31266CRITICALWordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerabilityEPSS 0.7%CVE-2020-8140A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRAREPSS 0.7%CVE-2026-48519CRITICALLangflow: Unauthenticated RCE in Shareable PlaygroundsEPSS 0.7%