Login Sign Up

CWE-96: CWE-96

13
Total CVEs
6
Critical
6
High
8.8
Avg CVSS

Yearly Trend

2026
1
2025
5
2024
2
2023
2
2022
1

Top Affected Vendors

1 Opigno 3
2 Dell 1
3 Qnap 1
4 Netapp 1
5 Xwiki 1
6 Debian 1
7 Atlassian 1
8 Os4ed 1
9 Microweber 1
10 Webmin 1

All CWE-96 CVEs (13)

CVE-2015-2079
9.9

This vulnerability allows remote attackers to execute arbitrary code on Usermin servers by exploiting improper input validation in the uconfig_save.cg...

Apr 28, 2025
CVE-2024-55877
9.9

This vulnerability allows any authenticated user in XWiki Platform to execute arbitrary code remotely by adding malicious WikiMacroClass instances to ...

Dec 12, 2024
CVE-2024-13264
9.8

This vulnerability in Drupal's Opigno module allows attackers to inject malicious PHP code through static code injection, leading to local file inclus...

Jan 9, 2025
CVE-2023-39726
9.8

A critical vulnerability in Mintty terminal emulator allows remote attackers to execute arbitrary code by sending specially crafted ANSI escape sequen...

Oct 26, 2023
CVE-2022-0895
9.8

CVE-2022-0895 is a static code injection vulnerability in Microweber CMS prior to version 1.3, allowing attackers to inject malicious code into static...

Mar 10, 2022
CVE-2020-6143
9.8

This is a critical remote code execution vulnerability in OS4Ed openSIS 7.4's installation functionality. Attackers can inject malicious PHP code thro...

Sep 1, 2020
CVE-2025-57707
8.8

A static code injection vulnerability in QNAP File Station 5 allows authenticated attackers to access restricted files and data. This affects users of...

Feb 11, 2026
CVE-2022-43938
8.8

This vulnerability allows attackers to execute arbitrary code through malicious Pentaho Reports (*.prpt files) due to inability to disable scripting c...

Apr 3, 2023
CVE-2024-32487
8.6

CVE-2024-32487 is a command injection vulnerability in the 'less' pager utility that allows attackers to execute arbitrary OS commands via specially c...

Apr 13, 2024
CVE-2024-13267
7.5

This vulnerability allows attackers to include and execute arbitrary PHP files on Drupal sites using the Opigno TinCan Question Type module. It affect...

Jan 9, 2025
CVE-2025-36595
7.2

Dell Unisphere for PowerMax vApp version 9.2.4.x contains a static code injection vulnerability that allows high-privileged remote attackers to execut...

Jun 27, 2025
CVE-2021-39115
7.2

This CVE allows remote attackers with Jira Administrator access to execute arbitrary Java code or system commands via server-side template injection i...

Sep 1, 2021
CVE-2024-13268
6.8

This CVE describes a static code injection vulnerability in Drupal Opigno that allows PHP local file inclusion. Attackers can inject malicious code th...

Jan 9, 2025

About CWE-96 (CWE-96)

Our database tracks 13 CVEs classified as CWE-96, with 6 rated critical and 6 rated high severity. The average CVSS score for CWE-96 vulnerabilities is 8.8.

External reference: View CWE-96 on MITRE CWE →

Monitor CWE-96 Vulnerabilities

Get alerted when new CWE-96 CVEs affect your infrastructure.

Start Monitoring Free