CWE-78 flaws

3752 results
CVE-2021-1498 | CRITICAL | Cisco HyperFlex HX Command Injection Vulnerabilities | EPSS 100.0% | KEV
CVE-2014-6271 | CRITICAL | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attac | EPSS 100.0% | KEV
CVE-2019-16920 | CRITICAL | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the | EPSS 100.0% | KEV
CVE-2020-8515 | CRITICAL | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code executi | EPSS 100.0% | KEV
CVE-2022-44877 | CRITICAL | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS comma | EPSS 100.0% | KEV
CVE-2020-9054 | CRITICAL | ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi | EPSS 100.0% | KEV
CVE-2024-4577 | CRITICAL | Argument Injection in PHP-CGI | EPSS 100.0% | KEV
CVE-2024-45519 | CRITICAL | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10. | EPSS 100.0% | KEV
CVE-2020-25506 | CRITICAL | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary | EPSS 100.0% | KEV
CVE-2019-10149 | CRITICAL | A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/d | EPSS 100.0% | KEV
CVE-2018-10562 | CRITICAL | An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to | EPSS 100.0% | KEV
CVE-2014-7169 | CRITICAL | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variabl | EPSS 99.9% | KEV
CVE-2022-30525 | CRITICAL | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 f | EPSS 99.9% | KEV
CVE-2021-1497 | CRITICAL | Cisco HyperFlex HX Command Injection Vulnerabilities | EPSS 99.9% | KEV
CVE-2022-29303 | CRITICAL | SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. | EPSS 99.9% | KEV
CVE-2021-36260 | CRITICAL | A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploi | EPSS 99.9% | KEV
CVE-2021-35394 | CRITICAL | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. | EPSS 99.9% | KEV
CVE-2019-15107 | CRITICAL | An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. | EPSS 99.8% | KEV
CVE-2014-6278 | HIGH | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote att | EPSS 99.6% | KEV
CVE-2025-48703 | CRITICAL | CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in t | EPSS 99.6% | KEV