Falhas do tipo CWE-78

3.877 resultados
CVE-2025-43911MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2025-43890MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2025-36567MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.6%CVE-2025-43906MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2025-36566MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.6%CVE-2023-51699MEDIUMOS Command Injection for Fluid Users with JuicefsRuntimeEPSS 0.6%CVE-2026-13760HIGHOS Command Injection in aws-cdk-lib Docker BundlingEPSS 0.6%CVE-2025-37158MEDIUMAuthenticated Command Injection allows Unauthorized Command Execution in AOS-CXEPSS 0.6%CVE-2021-47747HIGHmeterN 1.2.3 Authenticated Remote Code Execution via Admin ScriptsEPSS 0.6%CVE-2025-37157MEDIUMAuthenticated Command Injection allows Unauthorized Command Execution in AOS-CXEPSS 0.6%CVE-2026-40288CRITICALPraisonAI: Critical RCE via `type: job` workflow YAMLEPSS 0.6%CVE-2022-38132HIGHCommand injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.EPSS 0.6%CVE-2023-25554HIGH A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows aEPSS 0.6%CVE-2022-48585HIGHA SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inpuEPSS 0.6%CVE-2022-48601HIGHA SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48595HIGHA SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlleEPSS 0.6%CVE-2022-48586HIGHA SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and pEPSS 0.6%CVE-2022-48587HIGHA SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input aEPSS 0.6%CVE-2022-48592HIGHA SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takesEPSS 0.6%CVE-2022-48596HIGHA SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%