Fallos del tipo CWE-77

2522 resultados
CVE-2025-64052MEDIUMAn issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commanEPSS 2.8%CVE-2025-6102HIGHWifi-soft UniBox Controller logout.php os command injectionEPSS 2.8%CVE-2026-26792CRITICALGL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_uEPSS 2.8%CVE-2022-21129HIGHVersions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exporEPSS 2.8%CVE-2020-8186A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input toEPSS 2.8%CVE-2022-45462CRITICALApache DolphinScheduler prior to 2.0.5 have command execution vulnerabilityEPSS 2.8%CVE-2024-2642HIGHRuijie RG-NBS2009G-P EXCU_SHELL command injectionEPSS 2.8%CVE-2026-1547MEDIUMTotolink A7000R cstecgi.cgi setUnloadUserData command injectionEPSS 2.8%CVE-2018-3772Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` moEPSS 2.8%CVE-2021-34748HIGHCisco Intersight Virtual Appliance Command Injection VulnerabilityEPSS 2.8%CVE-2024-35374CRITICALMocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to EPSS 2.7%CVE-2026-1802MEDIUMZiroom ZHOME A0101 zrMacClone.lua macAddrClone command injectionEPSS 2.7%CVE-2025-60701MEDIUMA command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. ThEPSS 2.7%CVE-2025-60700MEDIUMA command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binarEPSS 2.7%CVE-2022-42161HIGHD-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at functioEPSS 2.7%CVE-2022-42156HIGHD-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at functionEPSS 2.7%CVE-2022-42160HIGHD-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at functEPSS 2.7%CVE-2026-1149MEDIUMTotolink LR350 POST Request cstecgi.cgi setDiagnosisCfg command injectionEPSS 2.7%CVE-2019-25029In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via EPSS 2.7%CVE-2026-32241HIGHFlannel vulnerable to cross-node remote code execution via extension backend BackendData injectionEPSS 2.7%