Falhas do tipo CWE-78

3.885 resultados
CVE-2026-43991HIGHJunoClaw: plugin-shell shell-injection bypass via substring blocklistEPSS 0.2%CVE-2026-54344MEDIUMToolJet GitHub Actions comment body shell injection exposes deployment secretsEPSS 0.2%CVE-2026-43943HIGHelecterm: RCE via malicious SSH server filename in openFileWithEditorEPSS 0.2%CVE-2026-28463HIGHOpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins AllowlistEPSS 0.2%CVE-2025-54595HIGHPearcleaner's unauthenticated access to privileged XPC helper allows root command executionEPSS 0.2%CVE-2024-58278HIGHIndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code ExecutionEPSS 0.2%CVE-2025-20220MEDIUMA vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) SoftwareEPSS 0.2%CVE-2026-34779MEDIUMElectron: AppleScript injection in app.moveToApplicationsFolder on macOSEPSS 0.2%CVE-2026-55849HIGH@cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` ArgumentEPSS 0.2%CVE-2026-55448MEDIUMmise: Local credential_command executes untrusted configEPSS 0.2%CVE-2026-44713HIGHpam_usb: Command injection via $TMUX environment variable leads to RCE as rootEPSS 0.2%CVE-2025-40582HIGHA vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed)EPSS 0.2%CVE-2025-54314LOWThor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that EPSS 0.2%CVE-2026-49260HIGHPhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)EPSS 0.2%CVE-2026-55895MEDIUMVim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filenameEPSS 0.2%CVE-2026-44712HIGHpam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agentEPSS 0.2%CVE-2026-46643HIGHSnappy: Binary path is never shell-escaped due to an inverted is_executable checkEPSS 0.2%CVE-2026-43990HIGHJunoClaw: plugin-shell shell-metacharacter injection via shell wrapperEPSS 0.2%CVE-2026-25933MEDIUMArduino App Lab has Improper Data Validation in Internal Terminal InterfaceEPSS 0.2%CVE-2025-6183HIGHConfigd InjectionEPSS 0.2%