Falhas do tipo CWE-94

3.777 resultados
CVE-2025-24243HIGHThe issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, mEPSS 0.5%CVE-2024-44722CRITICALSysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.EPSS 0.5%CVE-2025-2421CRITICALRemote Code Execution in Profelis Informatics' SambaBoxEPSS 0.5%CVE-2026-27574CRITICALOneUptime: node:vm sandbox escape in probe allows any project member to achieve RCEEPSS 0.5%CVE-2026-42298CRITICALPostiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.devEPSS 0.5%CVE-2025-1119HIGHAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2023-39445Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execuEPSS 0.5%CVE-2025-2169HIGHWPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2024-13792HIGHWooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via idsEPSS 0.5%CVE-2024-13797HIGHPressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2025-8206LOWComodo Dragon IP DNS Leakage Detector cross site scriptingEPSS 0.5%CVE-2025-4460MEDIUMTOTOLINK N150RT URL Filtering Page cross site scriptingEPSS 0.5%CVE-2026-8429HIGHSPIP < 4.4.14 Remote Code Execution via Private SpaceEPSS 0.5%CVE-2026-10561CRITICALUnauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins InjectionEPSS 0.5%CVE-2024-24469HIGHCross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.EPSS 0.5%CVE-2024-13345HIGHAvada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2024-55918MEDIUMAn issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that EPSS 0.5%CVE-2024-39002MEDIUMrjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackerEPSS 0.5%CVE-2023-41005An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UEPSS 0.5%CVE-2026-44291HIGHprotobufjs: Code generation gadget after prototype pollutionEPSS 0.5%