Fallos del tipo CWE-78

3884 resultados
CVE-2023-44279MEDIUM Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability iEPSS 0.6%CVE-2024-42370HIGHLitestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflowEPSS 0.6%CVE-2025-43906MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2025-43911MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2026-33648HIGHAVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File PathEPSS 0.6%CVE-2025-36566MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.6%CVE-2025-36567MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.6%CVE-2025-43890MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2023-51699MEDIUMOS Command Injection for Fluid Users with JuicefsRuntimeEPSS 0.6%CVE-2025-37158MEDIUMAuthenticated Command Injection allows Unauthorized Command Execution in AOS-CXEPSS 0.6%CVE-2025-37157MEDIUMAuthenticated Command Injection allows Unauthorized Command Execution in AOS-CXEPSS 0.6%CVE-2026-13760HIGHOS Command Injection in aws-cdk-lib Docker BundlingEPSS 0.6%CVE-2021-47747HIGHmeterN 1.2.3 Authenticated Remote Code Execution via Admin ScriptsEPSS 0.6%CVE-2026-40288CRITICALPraisonAI: Critical RCE via `type: job` workflow YAMLEPSS 0.6%CVE-2023-25554HIGH A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows aEPSS 0.6%CVE-2022-38132HIGHCommand injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.EPSS 0.6%CVE-2022-48590HIGHA SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐contrEPSS 0.6%CVE-2022-48591HIGHA SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes uEPSS 0.6%CVE-2022-48585HIGHA SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inpuEPSS 0.6%CVE-2022-48600HIGHA SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and paEPSS 0.6%