Fallos del tipo CWE-78
3891 resultadosCVE-2026-55697HIGHpnpm: Repository-controlled configDependencies can select a pacquet native install engineEPSS 0.1%CVE-2026-41010HIGHReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where EPSS 0.1%CVE-2026-42148LOWCoolify: Command Injection via Unescaped Version String in Docker BuildEPSS 0.1%CVE-2026-10805MEDIUMNetworkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backendEPSS 0.1%CVE-2026-41011HIGHPackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_EPSS 0.1%CVE-2026-27806HIGHFleet Affected by Local Privilege Escalation via Tcl Command Injection in OrbitEPSS 0.1%CVE-2026-44072LOWsystem() after failed chdir()EPSS 0.1%CVE-2025-30007HIGHHestiaCP < 1.9.5 Authenticated OS Command Injection via DNS Record ManagementEPSS —CVE-2026-56688CRITICALDell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS CommaEPSS —CVE-2026-54149HIGHMaxKB MCP tool import validation bypass allows post-authentication remote code executionEPSS —CVE-2026-61434HIGHPraisonAI before 4.6.78 Allowlist Bypass via find -execEPSS —