Fallos del tipo CWE-78

3885 resultados
CVE-2025-26074CRITICALOrkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.EPSS 0.6%CVE-2025-29534HIGHAn authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentiaEPSS 0.6%CVE-2025-41675HIGHRemote Command Injection via GET in Cloud Server Communication Script Due to Improper Input NeutralizationEPSS 0.6%CVE-2025-41674HIGHRemote Command Injection in diagnostic Action Due to Improper Input NeutralizationEPSS 0.6%CVE-2023-27198MEDIUMPAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and inclEPSS 0.6%CVE-2026-41208HIGHPaperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command ExecutionEPSS 0.6%CVE-2020-13712HIGHMGOS Command InjectionEPSS 0.6%CVE-2026-28673HIGHxiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation)EPSS 0.6%CVE-2025-66626HIGHargoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic linksEPSS 0.6%CVE-2026-34714CRITICALVim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr}EPSS 0.6%CVE-2023-24422HIGHA sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackerEPSS 0.6%CVE-2025-12744HIGHAbrt: command-injection in abrt leading to local privilege escalationEPSS 0.6%CVE-2025-52626MEDIUMHCL AION is susceptible to Potential Command Injection vulnerabilityEPSS 0.6%CVE-2025-51958CRITICALaelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/pluginEPSS 0.6%CVE-2025-47203MEDIUMdbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.EPSS 0.6%CVE-2026-9863HIGHCore Privileged Access Manager (BoKS) upgrade tooling command injection vulnerabilityEPSS 0.6%CVE-2026-31178CRITICALAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxEPSS 0.6%CVE-2026-31181CRITICALAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunSerEPSS 0.6%CVE-2024-5400HIGHOpenfind Mail2000 - OS Command InjectionEPSS 0.6%CVE-2022-4515HIGHA flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename spEPSS 0.6%