Vulnerabilities of type CWE-20
4,566 results

CVE-2021-45105 | MEDIUM | Apache Log4j2 does not always protect from infinite recursion in lookup evaluation | EPSS 100.0%
CVE-2024-3400 | CRITICAL | PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect | EPSS 100.0% | KEV
CVE-2021-21985 | CRITICAL | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check pl | EPSS 100.0% | KEV
CVE-2021-44228 | CRITICAL | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | EPSS 100.0% | KEV
CVE-2018-7600 | CRITICAL | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because o | EPSS 100.0% | KEV
CVE-2020-3452 | HIGH | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability | EPSS 100.0% | KEV
CVE-2019-0604 | CRITICAL | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application pa | EPSS 99.9% | KEV
CVE-2018-0296 | HIGH | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause | EPSS 99.9% | KEV
CVE-2022-47966 | CRITICAL | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache San | EPSS 99.8% | KEV
CVE-2022-1471 | HIGH | Remote Code execution in SnakeYAML | EPSS 99.6%
CVE-2018-0171 | HIGH | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker | EPSS 99.5% | KEV
CVE-2017-0148 | HIGH | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold an | EPSS 99.4% | KEV
CVE-2022-24086 | CRITICAL | Adobe Commerce checkout improper input validation leads to remote code execution | EPSS 99.2% | KEV
CVE-2023-22515 | CRITICAL | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknow | EPSS 99.2% | KEV
CVE-2017-3881 | CRITICAL | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthe | EPSS 99.0% | KEV
CVE-2017-9791 | CRITICAL | The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message t | EPSS 98.9% | KEV
CVE-2023-32560 | HIGH | An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary co | EPSS 98.9%
CVE-2017-15944 | CRITICAL | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute | EPSS 98.3% | KEV
CVE-2019-1821 | HIGH | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities | EPSS 98.1%
CVE-2021-44832 | MEDIUM | Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration | EPSS 97.9%