Falhas do tipo CWE-78
3.847 resultadosCVE-2024-36060HIGHEnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test paramEPSS 1.4%CVE-2023-51585HIGHVoltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution VulnerabilityEPSS 1.4%CVE-2026-7446MEDIUMVetCoders mcp-server-semgrep MCP index.ts create_rule os command injectionEPSS 1.4%CVE-2024-58314HIGHAtcom 2.7.x.x Authenticated Command Injection via Web Configuration CGIEPSS 1.4%CVE-2024-45763CRITICALDell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS CommEPSS 1.4%CVE-2024-45765CRITICALDell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS CommEPSS 1.4%CVE-2025-11148CRITICALAll versions of the package check-branches are vulnerable to Command Injection check-branches is a command-line tool that is interacted withEPSS 1.4%CVE-2023-28394HIGHBeekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of tEPSS 1.4%CVE-2026-8235MEDIUM8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injectionEPSS 1.4%CVE-2025-34150CRITICALShenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command InjectionEPSS 1.4%CVE-2025-12489HIGHevernote-mcp-server openBrowser Command Injection Privilege Escalation VulnerabilityEPSS 1.4%CVE-2024-9139HIGHOS Command Injection in Restricted CommandEPSS 1.4%CVE-2026-9452MEDIUMFoundDream miniclawd exec.ts ExecTool.execute os command injectionEPSS 1.4%CVE-2024-51024HIGHD-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings functiEPSS 1.4%CVE-2022-40954MEDIUMApache Airflow Spark Provider RCE that bypass restrictions to read arbitrary filesEPSS 1.4%CVE-2023-0118CRITICALForeman: arbitrary code execution through templatesEPSS 1.4%CVE-2025-68109CRITICALChurchCRM vulnerable to RCE with database restore functionalityEPSS 1.4%CVE-2026-5012MEDIUMelecV2 elecV2P rpc pm2run os command injectionEPSS 1.4%CVE-2023-0164HIGHOrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because tEPSS 1.4%CVE-2025-41272CRITICALNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the EPSS 1.4%