CWE-116 vulnerabilities

279 results
CVE-2024-38475 | CRITICAL | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | EPSS 100.0% | KEV
CVE-2023-32071 | CRITICAL | XWiki Platform vulnerable to RXSS via editor parameter - importinline template | EPSS 71.1%
CVE-2024-39929 | MEDIUM | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking | EPSS 41.2%
CVE-2024-1874 | CRITICAL | Command injection via array-ish $command parameter of proc_open() | EPSS 32.6%
CVE-2022-24682 | MEDIUM | An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the w | EPSS 31.1% | KEV
CVE-2024-5585 | HIGH | Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix) | EPSS 28.8%
CVE-2024-50629 | MEDIUM | Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology | EPSS 27.0%
CVE-2024-38473 | HIGH | Apache HTTP Server proxy encoding problem | EPSS 25.9%
CVE-2025-60787 | HIGH | MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user i | EPSS 24.7%
CVE-2026-20245 | HIGH | Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability | EPSS 9.9% | KEV
CVE-2026-40871 | HIGH | mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API | EPSS 9.9%
CVE-2022-25235 | CRITICAL | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is val | EPSS 4.9%
CVE-2025-31651 | CRITICAL | Apache Tomcat: Bypass of rules in Rewrite Valve | EPSS 4.2%
CVE-2022-29599 | Commandline class shell injection vulnerabilities | EPSS 4.0%
CVE-2019-6109 | MEDIUM | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle | EPSS 3.8%
CVE-2019-9853 | Insufficient URL decoding flaw in categorizing macro location | EPSS 3.2%
CVE-2022-42948 | CRITICAL | Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is po | EPSS 2.7% | KEV
CVE-2025-56266 | CRITICAL | A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. | EPSS 2.7%
CVE-2022-45143 | Apache Tomcat: JsonErrorReportValve escaping | EPSS 2.5%
CVE-2024-38474 | HIGH | Apache HTTP Server weakness with encoded question marks in backreferences | EPSS 2.5%