Fallos del tipo CWE-77
2524 resultadosCVE-2026-2533MEDIUMTosei Self-service Washing Machine tosei_datasend.php command injectionEPSS 2.0%CVE-2024-50591HIGHLocal Privilege Escalation via Command InjectionEPSS 2.0%CVE-2026-9436CRITICALTotolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injectionEPSS 2.0%CVE-2025-7578LOWTeledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injectionEPSS 2.0%CVE-2025-15379CRITICALCommand Injection in mlflow/mlflowEPSS 2.0%CVE-2026-2544MEDIUMyued-fe LuLu UI run.js child_process.exec os command injectionEPSS 2.0%CVE-2023-36458MEDIUM1Panel vulnerable to ommand injection when entering the container terminalEPSS 2.0%CVE-2023-36457MEDIUM1Panel vulnerable to command injection when adding container repositoriesEPSS 2.0%CVE-2023-0127HIGHA command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacEPSS 2.0%CVE-2024-42509CRITICALUnauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI ProtocolEPSS 2.0%CVE-2025-14184MEDIUMSGAI Space1 NAS N1211DS gsaiagent JSONAPI NGNIX_UPLOAD command injectionEPSS 2.0%CVE-2024-1540HIGHCommand Injection in gradio-app/gradio via deploy+test-visual.yml workflowEPSS 2.0%CVE-2024-36604CRITICALTenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerabilitEPSS 2.0%CVE-2025-44872CRITICALTenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName paraEPSS 2.0%CVE-2025-44877CRITICALTenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parametEPSS 2.0%CVE-2026-12186HIGHGL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injectionEPSS 2.0%CVE-2023-34231HIGHSnowflake Golang Driver vulnerable to Command InjectionEPSS 2.0%CVE-2023-33556CRITICALTOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/seEPSS 2.0%CVE-2024-44845HIGHDrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_EPSS 2.0%CVE-2025-15607HIGHAuthenticated Command Injection in mcsd Service of TP-Link Archer AX53EPSS 2.0%