Falhas do tipo CWE-77

2.525 resultados
CVE-2026-22785CRITICALorval MCP client is vulnerable to a code injection attack.EPSS 0.7%CVE-2026-32194CRITICALMicrosoft Bing Images Remote Code Execution VulnerabilityEPSS 0.7%CVE-2024-48830HIGHDell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special ElementsEPSS 0.7%CVE-2017-12339A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attackEPSS 0.7%CVE-2024-49557HIGHDell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special ElementsEPSS 0.7%CVE-2023-23356MEDIUMQuFirewallEPSS 0.7%CVE-2025-65292HIGHCommand injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attEPSS 0.7%CVE-2026-4496MEDIUMsigmade Git-MCP-Server gitUtils.ts child_process.exec os command injectionEPSS 0.7%CVE-2026-5621MEDIUMChrisChinchilla Vale-MCP HTTP index.ts os command injectionEPSS 0.7%CVE-2026-5619MEDIUMBraffolk mcp-summarization-functions summarize_command mcp-server.ts os command injectionEPSS 0.7%CVE-2024-39703HIGHIn ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API eEPSS 0.7%CVE-2025-67397CRITICALAn issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific pEPSS 0.7%CVE-2024-24550HIGHBludit - Remote Code Execution (RCE) through File APIEPSS 0.7%CVE-2022-26415HIGHOn F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior EPSS 0.7%CVE-2023-50274HIGHHPE OneView may allow command injection with local privilege escalation.EPSS 0.7%CVE-2024-35401MEDIUMTOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFEPSS 0.7%CVE-2025-37138MEDIUMAuthenticated Command Injection Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface (Physical Access Required)EPSS 0.7%CVE-2025-48978HIGHAn Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with acEPSS 0.7%CVE-2023-47356HIGHMingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameterEPSS 0.7%CVE-2026-38142MEDIUMAn unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attacEPSS 0.7%