Falhas do tipo CWE-74
4.148 resultadosCVE-2026-0641MEDIUMTOTOLINK WA300 cstecgi.cgi sub_401510 command injectionEPSS 2.4%CVE-2026-1150MEDIUMTotolink LR350 POST Request cstecgi.cgi setTracerouteCfg command injectionEPSS 2.4%CVE-2025-15081MEDIUMJD Cloud BE6500 jdcapi sub_4780 command injectionEPSS 2.3%CVE-2026-7833HIGHEFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injectionEPSS 2.3%CVE-2026-6118MEDIUMAstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injectionEPSS 2.3%CVE-2025-4135MEDIUMNetgear WG302v2 ui_get_input_value command injectionEPSS 2.3%CVE-2026-5030MEDIUMTotolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injectionEPSS 2.3%CVE-2023-37897HIGHServer-side Template Injection (SSTI) in gravEPSS 2.3%CVE-2026-5020MEDIUMTotolink A3600R Parameter cstecgi.cgi setNoticeCfg command injectionEPSS 2.2%CVE-2026-1623MEDIUMTotolink A7000R cstecgi.cgi setUpgradeFW command injectionEPSS 2.2%CVE-2026-5101MEDIUMTotolink A3300R Parameter cstecgi.cgi setLanCfg command injectionEPSS 2.2%CVE-2020-28246CRITICALA Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default EPSS 2.2%CVE-2025-0328MEDIUMKaiYuanTong ECT Platform HTTP POST Request runCode.php command injectionEPSS 2.2%CVE-2021-32827MEDIUMArbitrary code execution in MockServerEPSS 2.2%CVE-2026-5102MEDIUMTotolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injectionEPSS 2.2%CVE-2026-6279CRITICALAvada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX HandlerEPSS 2.2%CVE-2022-39265HIGHMail settings' command parameter injection in mybbEPSS 2.2%CVE-2022-31631CRITICALPDO::quote() may return unquoted stringEPSS 2.2%CVE-2022-31086MEDIUMIncorrect Regular Expressions in ldap-account-managerEPSS 2.1%CVE-2020-15146CRITICALRemote Code Execution in SyliusResourceBundleEPSS 2.1%