Falhas do tipo CWE-78
3.877 resultadosCVE-2025-43890MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2025-36566MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.6%CVE-2025-43906MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2026-33648HIGHAVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File PathEPSS 0.6%CVE-2025-43911MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.6%CVE-2023-51699MEDIUMOS Command Injection for Fluid Users with JuicefsRuntimeEPSS 0.6%CVE-2021-47747HIGHmeterN 1.2.3 Authenticated Remote Code Execution via Admin ScriptsEPSS 0.6%CVE-2025-37157MEDIUMAuthenticated Command Injection allows Unauthorized Command Execution in AOS-CXEPSS 0.6%CVE-2026-13760HIGHOS Command Injection in aws-cdk-lib Docker BundlingEPSS 0.6%CVE-2025-37158MEDIUMAuthenticated Command Injection allows Unauthorized Command Execution in AOS-CXEPSS 0.6%CVE-2022-38132HIGHCommand injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.EPSS 0.6%CVE-2026-40288CRITICALPraisonAI: Critical RCE via `type: job` workflow YAMLEPSS 0.6%CVE-2023-25554HIGH
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability exists that allows aEPSS 0.6%CVE-2022-48591HIGHA SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes uEPSS 0.6%CVE-2022-48596HIGHA SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48592HIGHA SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takesEPSS 0.6%CVE-2022-48597HIGHA SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inpEPSS 0.6%CVE-2022-48585HIGHA SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inpuEPSS 0.6%CVE-2022-48586HIGHA SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and pEPSS 0.6%CVE-2022-48595HIGHA SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlleEPSS 0.6%