Fallos del tipo CWE-78

3887 resultados
CVE-2026-43685HIGHA Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating sEPSS 0.5%CVE-2022-22298MEDIUMA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIEPSS 0.5%CVE-2022-34437MEDIUMDell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentiaEPSS 0.5%CVE-2026-49366HIGHIn JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completionEPSS 0.5%CVE-2026-22902MEDIUMQuNetSwitchEPSS 0.5%CVE-2024-50376HIGHA CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devicEPSS 0.5%CVE-2026-54483MEDIUMDell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1EPSS 0.5%CVE-2026-46746HIGHA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input iEPSS 0.5%CVE-2024-53992HIGHunzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video uploadEPSS 0.5%CVE-2024-11681MEDIUMRemote Code Execution in MacPortsEPSS 0.5%CVE-2025-67164CRITICALAn authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arEPSS 0.4%CVE-2026-41036HIGHCommand Injection Vulnerability in Quantum Networks Router QN-I-470EPSS 0.4%CVE-2019-1770MEDIUMCisco NX-OS Software Command Injection VulnerabilityEPSS 0.4%CVE-2026-27626CRITICALOliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checksEPSS 0.4%CVE-2025-54941MEDIUMApache Airflow: Command injection in "example_dag_decorator"EPSS 0.4%CVE-2025-11546CRITICALCLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleSeEPSS 0.4%CVE-2026-34940HIGHKubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model podsEPSS 0.4%CVE-2019-1745HIGHCisco IOS XE Software Command Injection VulnerabilityEPSS 0.4%CVE-2024-21821HIGHMultiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute aEPSS 0.4%CVE-2021-1584MEDIUMCisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation VulnerabilityEPSS 0.4%