Fallos del tipo CWE-78
3891 resultadosCVE-2025-58374HIGHRoo Code: Auto-approve allows npm install execution of malicious postinstall scriptsEPSS 0.2%CVE-2026-0383HIGHInformation disclosure in Brocade Fabric OS before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0EPSS 0.2%CVE-2025-13605CRITICALShell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gatewayEPSS 0.2%CVE-2026-22169HIGHOpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBinsEPSS 0.2%CVE-2026-10544MEDIUMImproper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authentEPSS 0.2%CVE-2026-34049LOWCoolify: Command Injection via unsanitized MongoDB collection names in database backupEPSS 0.2%CVE-2026-42201LOWCoolify: OS Command Injection via Database Credential Fields in Docker Compose Service CommandsEPSS 0.2%CVE-2021-36293MEDIUMDell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially expEPSS 0.2%CVE-2025-68922HIGHOpenOps before 0.6.11 allows remote code execution in the Terraform block.EPSS 0.2%CVE-2026-55748MEDIUMOpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharaEPSS 0.2%CVE-2025-12122MEDIUMPopup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-8934MEDIUMBeckhoff: Local command injection via TwinCAT Package ManagerEPSS 0.2%CVE-2026-45136HIGHclaude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.shEPSS 0.2%CVE-2024-50377MEDIUMA CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3)EPSS 0.2%CVE-2025-67640MEDIUMJenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a teEPSS 0.2%CVE-2023-20193MEDIUMA vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbEPSS 0.2%CVE-2026-55441HIGHmise: Arbitrary command execution via task-include files in an untrusted, config-less repositoryEPSS 0.2%CVE-2025-23294HIGHNVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A sucEPSS 0.2%CVE-2024-20461MEDIUMCisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection VulnerabilityEPSS 0.2%CVE-2025-20295MEDIUMCisco UCS Manager Software Command Injection VulnerabilityEPSS 0.2%