CWE-78 vulnerabilities

3840 results
CVE-2026-30311 | CRITICAL | Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechan | EPSS 1.7%
CVE-2024-43651 | CRITICAL | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station | EPSS 1.7%
CVE-2022-44567 | CRITICAL | A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternal | EPSS 1.7%
CVE-2022-34447 | HIGH | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote at | EPSS 1.7%
CVE-2026-9367 | MEDIUM | NousResearch hermes-agent terminal_tool approval.py detect_dangerous_command os command injection | EPSS 1.7%
CVE-2026-7698 | MEDIUM | Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection | EPSS 1.7%
CVE-2024-3196 | MEDIUM | MailCleaner SOAP Service dumpConfiguration os command injection | EPSS 1.7%
CVE-2024-23058 | CRITICAL | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cf | EPSS 1.7%
CVE-2026-8500 | CRITICAL | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE | EPSS 1.7%
CVE-2024-11005 | CRITICAL | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1. | EPSS 1.7%
CVE-2024-11006 | CRITICAL | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1. | EPSS 1.7%
CVE-2024-11007 | CRITICAL | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1. | EPSS 1.7%
CVE-2024-48889 | HIGH | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version | EPSS 1.7%
CVE-2024-31473 | CRITICAL | There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code executi | EPSS 1.7%
CVE-2026-5802 | MEDIUM | idachev mcp-javadc HTTP os command injection | EPSS 1.7%
CVE-2025-65791 | CRITICAL | ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the | EPSS 1.6%
CVE-2021-3058 | HIGH | PAN-OS: OS Command Injection Vulnerability in Web Interface XML API | EPSS 1.6%
CVE-2024-42743 | HIGH | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg. A | EPSS 1.6%
CVE-2023-22919 | HIGH | The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated a | EPSS 1.6%
CVE-2024-42738 | HIGH | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authe | EPSS 1.6%