Fallos del tipo CWE-78
3877 resultadosCVE-2025-36566MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.6%CVE-2026-33648HIGHAVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File PathEPSS 0.6%CVE-2025-36567MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.6%CVE-2025-43906MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2025-43890MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2023-51699MEDIUMOS Command Injection for Fluid Users with JuicefsRuntimeEPSS 0.6%CVE-2026-13760HIGHOS Command Injection in aws-cdk-lib Docker BundlingEPSS 0.6%CVE-2025-37157MEDIUMAuthenticated Command Injection allows Unauthorized Command Execution in AOS-CXEPSS 0.6%CVE-2021-47747HIGHmeterN 1.2.3 Authenticated Remote Code Execution via Admin ScriptsEPSS 0.6%CVE-2025-37158MEDIUMAuthenticated Command Injection allows Unauthorized Command Execution in AOS-CXEPSS 0.6%CVE-2023-25554HIGH
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability exists that allows aEPSS 0.6%CVE-2022-38132HIGHCommand injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.EPSS 0.6%CVE-2026-40288CRITICALPraisonAI: Critical RCE via `type: job` workflow YAMLEPSS 0.6%CVE-2022-48596HIGHA SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48598HIGHA SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controllEPSS 0.6%CVE-2022-48586HIGHA SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and pEPSS 0.6%CVE-2022-48595HIGHA SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlleEPSS 0.6%CVE-2022-48594HIGHA SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48601HIGHA SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48587HIGHA SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input aEPSS 0.6%