Falhas do tipo CWE-78

3.878 resultados
CVE-2022-48590HIGHA SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐contrEPSS 0.6%CVE-2022-48600HIGHA SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and paEPSS 0.6%CVE-2022-48594HIGHA SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2024-32118MEDIUMMultiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet ForEPSS 0.6%CVE-2022-48601HIGHA SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48589HIGHA SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48587HIGHA SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input aEPSS 0.6%CVE-2022-48598HIGHA SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controllEPSS 0.6%CVE-2022-48602HIGHA SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48603HIGHA SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48599HIGHA SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48592HIGHA SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takesEPSS 0.6%CVE-2026-33414MEDIUMPowerShell Command Injection in Podman HyperV MachineEPSS 0.6%CVE-2024-45720HIGHApache Subversion: Command line argument injection on Windows platformsEPSS 0.6%CVE-2022-42433MEDIUMThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_EPSS 0.6%CVE-2026-42846CRITICALClipBucket: Remote Play URL Command InjectionEPSS 0.6%CVE-2023-37249Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.EPSS 0.6%CVE-2025-0356HIGHNEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands vEPSS 0.6%CVE-2018-0185Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commandEPSS 0.6%CVE-2023-44277HIGH Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in EPSS 0.6%