Falhas do tipo CWE-78

3.837 resultados
CVE-2025-66253CRITICALUnauthenticated OS Command Injection (start_upgrade.php)EPSS 2.1%CVE-2025-66261CRITICALUnauthenticated OS Command Injection (restore_settings.php)EPSS 2.1%CVE-2026-28773CRITICALAuthenticated OS Command Injection via Ping Utility Leading to RCE as RootEPSS 2.1%CVE-2023-34989HIGHA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.EPSS 2.1%CVE-2023-34987HIGHA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.EPSS 2.1%CVE-2024-4298HIGHHGiga iSherlock - Command InjectionEPSS 2.1%CVE-2023-34986HIGHA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.EPSS 2.1%CVE-2023-34985HIGHA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.EPSS 2.1%CVE-2023-34988HIGHA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.EPSS 2.1%CVE-2022-3275HIGHPuppetlabs-apt Command InjectionEPSS 2.1%CVE-2024-4299HIGHHGiga iSherlock - Command InjectionEPSS 2.1%CVE-2023-29944CRITICALMetersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom EPSS 2.1%CVE-2024-41314MEDIUMTOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disableEPSS 2.1%CVE-2024-48631HIGHD-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in EPSS 2.1%CVE-2024-45890HIGHDrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parametEPSS 2.1%CVE-2024-45887HIGHDrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameEPSS 2.1%CVE-2024-45884HIGHDrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameEPSS 2.1%CVE-2023-26155HIGHAll versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize EPSS 2.1%CVE-2024-42633HIGHA Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an aEPSS 2.1%CVE-2025-56082HIGHOS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request tEPSS 2.1%