CWE-78 flaws
3786 results

CVE-2020-16846 | CRITICAL | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can resul | EPSS 99.6% | KEV
CVE-2023-28771 | CRITICAL | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5. | EPSS 99.3% | KEV
CVE-2022-36804 | HIGH | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, | EPSS 99.2% | KEV
CVE-2020-11978 | HIGH | An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the | EPSS 99.1% | KEV
CVE-2026-10520 | CRITICAL | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user | EPSS 98.9%
CVE-2019-11539 | HIGH | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 an | EPSS 98.6% | KEV
CVE-2024-50603 | CRITICAL | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elem | EPSS 98.5% | KEV
CVE-2024-9463 | CRITICAL | Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure | EPSS 98.4% | KEV
CVE-2024-12987 | MEDIUM | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection | EPSS 98.1% | KEV
CVE-2023-25280 | CRITICAL | OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with t | EPSS 98.1% | KEV
CVE-2020-1956 | HIGH | Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a | EPSS 98.0% | KEV
CVE-2022-2024 | CRITICAL | OS Command Injection in gogs/gogs | EPSS 97.8%
CVE-2021-45382 | CRITICAL | A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR- | EPSS 97.8% | KEV
CVE-2021-36380 | CRITICAL | Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDia | EPSS 97.6% | KEV
CVE-2024-10914 | CRITICAL | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | EPSS 97.4%
CVE-2019-7256 | CRITICAL | Linear eMerge E3-Series devices allow Command Injections. | EPSS 97.1% | KEV
CVE-2021-22502 | CRITICAL | Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could | EPSS 96.7% | KEV
CVE-2020-25223 | CRITICAL | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | EPSS 96.7% | KEV
CVE-2018-6530 | CRITICAL | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous | EPSS 96.6% | KEV
CVE-2019-20500 | HIGH | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality i | EPSS 96.1% | KEV