CWE-96
13 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-96
- CVE-2020-6143 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-09-01
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An …
- CVE-2020-6144 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-09-01
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An …
- CVE-2021-39115 | HIGH | CVSS 7.2 | EG 7.2 | 2021-09-01
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vul…
- CVE-2022-0895 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-03-10
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
- CVE-2022-3960 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-04-03
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.
- CVE-2022-43938 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-03
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.
- CVE-2023-39726 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-26
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.
- CVE-2024-0788 | MEDIUM | CVSS 6.6 | EG 5.8 | 2024-01-29
SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver.
- CVE-2024-32487 | HIGH | CVSS 8.6 | EG 8.6 | 2024-04-13
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted f…
- CVE-2024-37900 | MEDIUM | CVSS 6.4 | EG 6.4 | 2024-07-31
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineerin…
- CVE-2024-43400 | CRITICAL | CVSS 9.0 | EG 9.0 | 2024-08-19
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requi…
- CVE-2024-55662 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-12-12
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programmi…
- CVE-2024-55877 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-12-12
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` …