CWE-77 vulnerabilities

2516 results
CVE-2024-55956 | CRITICAL | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbit | EPSS 93.8% | KEV
CVE-2022-40022 | CRITICAL | Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | EPSS 92.5%
CVE-2019-5420 | A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically gene | EPSS 92.1%
CVE-2024-11320 | MEDIUM | Command Injection leading to RCE via LDAP Misconfiguration | EPSS 90.5%
CVE-2023-47218 | MEDIUM | QTS, QuTS hero, QuTScloud | EPSS 89.2%
CVE-2024-12356 | CRITICAL | Command Injection Vulnerability in Remote Support (RS) & Privileged Remote Access (PRA) | EPSS 88.0% | KEV
CVE-2022-40770 | HIGH | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high | EPSS 82.5%
CVE-2023-4120 | MEDIUM | Byzoro Smart S85F Management Platform importhtml.php command injection | EPSS 81.1%
CVE-2023-20889 | HIGH | Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operatio | EPSS 79.1%
CVE-2018-12465 | CRITICAL | Remote Code Execution in Micro Focus Secure Messaging Gateway | EPSS 79.0%
CVE-2021-42129 | A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform | EPSS 77.3%
CVE-2023-32007 | HIGH | Apache Spark: Shell command injection via Spark UI | EPSS 75.8%
CVE-2026-42271 | HIGH | LiteLLM: Authenticated command execution via MCP stdio test endpoints | EPSS 75.0% | KEV
CVE-2025-4009 | CRITICAL | Unauthenticated Arbitrary Command Injection in Evertz SDVN | EPSS 74.9%
CVE-2005-2773 | CRITICAL | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) | EPSS 74.1% | KEV
CVE-2021-4045 | CRITICAL | TP-LINK Tapo C200 remote code execution vulnerability | EPSS 72.8%
CVE-2017-15889 | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to ex | EPSS 72.5%
CVE-2024-22729 | CRITICAL | NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | EPSS 70.8%
CVE-2021-42132 | A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform | EPSS 70.1%
CVE-2023-26801 | CRITICAL | LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a com | EPSS 69.7%