Fallos del tipo CWE-78

3878 resultados
CVE-2025-25893HIGHAn OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocolEPSS 1.0%CVE-2025-25894HIGHAn OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability EPSS 1.0%CVE-2023-35019HIGHIBM Security Verify Governance command executionEPSS 1.0%CVE-2024-48895HIGHImproper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware versionEPSS 1.0%CVE-2022-43464HIGHHidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authEPSS 1.0%CVE-2024-43778HIGHOS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticaEPSS 1.0%CVE-2026-49261CRITICALMariaDB server has unsafe parameter handling in `wsrep_notify_cmd`EPSS 1.0%CVE-2024-20335MEDIUMA vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticEPSS 1.0%CVE-2023-44415MEDIUMD-Link Multiple Routers cli Command Injection Remote Code Execution VulnerabilityEPSS 1.0%CVE-2025-3022CRITICALOS Command Injection vulnerability in e-management of e-solutionsEPSS 1.0%CVE-2026-4620HIGHOS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.EPSS 1.0%CVE-2023-28704HIGHFurbo dog camera - Command InjectionEPSS 1.0%CVE-2025-41427HIGHWRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command InjectEPSS 1.0%CVE-2025-8693HIGHA post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earliEPSS 1.0%CVE-2026-5707HIGHCommand Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)EPSS 1.0%CVE-2024-28125CRITICALFitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed tEPSS 1.0%CVE-2024-13089HIGHAuthenticated RCE in update functionality in Guardian/CMC before 24.6.0EPSS 1.0%CVE-2025-0676HIGHCommend Injection Leading to Privilege EscalationEPSS 1.0%CVE-2026-22893HIGHQTS, QuTS heroEPSS 1.0%CVE-2021-42081CRITICALAuthenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355EPSS 1.0%