Falhas do tipo CWE-78
3.878 resultadosCVE-2025-41673HIGHRemote Command Injection in send_sms Action Due to Improper Input NeutralizationEPSS 0.6%CVE-2023-27198MEDIUMPAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and inclEPSS 0.6%CVE-2026-41208HIGHPaperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command ExecutionEPSS 0.6%CVE-2020-13712HIGHMGOS Command InjectionEPSS 0.6%CVE-2026-28673HIGHxiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation)EPSS 0.6%CVE-2026-34714CRITICALVim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr}EPSS 0.6%CVE-2025-12744HIGHAbrt: command-injection in abrt leading to local privilege escalationEPSS 0.6%CVE-2023-24422HIGHA sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackerEPSS 0.6%CVE-2025-52626MEDIUMHCL AION is susceptible to Potential Command Injection vulnerabilityEPSS 0.6%CVE-2025-51958CRITICALaelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/pluginEPSS 0.6%CVE-2025-47203MEDIUMdbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.EPSS 0.6%CVE-2026-9863HIGHCore Privileged Access Manager (BoKS) upgrade tooling command injection vulnerabilityEPSS 0.6%CVE-2024-5400HIGHOpenfind Mail2000 - OS Command InjectionEPSS 0.6%CVE-2026-31178CRITICALAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxEPSS 0.6%CVE-2026-31181CRITICALAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunSerEPSS 0.6%CVE-2022-4515HIGHA flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename spEPSS 0.6%CVE-2024-56497MEDIUMAn improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7EPSS 0.6%CVE-2026-9560CRITICALPrivilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands wEPSS 0.6%CVE-2025-10622HIGHForeman: os command injection via ct_location and fcct_location parametersEPSS 0.6%CVE-2026-31019HIGHIn the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functEPSS 0.6%