Falhas do tipo CWE-78

3.885 resultados
CVE-2026-49185CRITICALInstruction Injection via FieldX MDMEPSS 0.4%CVE-2026-28797HIGHRAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" ComponentEPSS 0.4%CVE-2026-34955HIGHPraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandboxEPSS 0.4%CVE-2019-25255HIGHVideoFlow Digital Video Protection DVP 2.10 Authenticated Remote Code ExecutionEPSS 0.4%CVE-2023-23693MEDIUM Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privEPSS 0.4%CVE-2026-32034MEDIUMOpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTPEPSS 0.4%CVE-2022-33923MEDIUMDell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticaEPSS 0.4%CVE-2025-70039CRITICALAn issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1EPSS 0.4%CVE-2026-45035CRITICALTabby: RCE via `tabby://run` URL SchemeEPSS 0.4%CVE-2021-1370HIGHCisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Privilege Escalation VulnerabilityEPSS 0.4%CVE-2026-4946HIGHNSA Ghidra Auto-Analysis Annotation Command ExecutionEPSS 0.4%CVE-2025-58059CRITICALValtimo scripting engine can be used to gain access to sensitive data or resourcesEPSS 0.4%CVE-2020-3459MEDIUMCisco FXOS Software for Firepower 4100/9300 Series Command Injection VulnerabilityEPSS 0.4%CVE-2020-3403MEDIUMCisco IOS XE Software Command Injection VulnerabilityEPSS 0.4%CVE-2026-56004CRITICALobs-service-tar_scm: command injection via mercurial handlerEPSS 0.4%CVE-2023-20082MEDIUMCisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass VulnerabilityEPSS 0.4%CVE-2025-30076HIGHKoha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.EPSS 0.4%CVE-2023-38588HIGHArcher C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OEPSS 0.4%CVE-2026-5967HIGHTeamT5|ThreatSonar Anti-Ransomware - Privilege EscalationEPSS 0.4%CVE-2026-45556CRITICALRoxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`EPSS 0.4%