CWE-78 vulnerabilities

3,786 results
CVE-2020-12641 | CRITICAL | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration set | EPSS 84.5% | KEV
CVE-2025-64328 | HIGH | FreePBX Administration GUI is Vulnerable to Authenticated Command Injection | EPSS 84.4% | KEV
CVE-2023-27992 | CRITICAL | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware vers | EPSS 84.3% | KEV
CVE-2022-1292 | CRITICAL | The c_rehash script allows command injection | EPSS 83.6%
CVE-2023-43208 | CRITICAL | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability i | EPSS 82.7% | KEV
CVE-2021-27561 | CRITICAL | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authenticati | EPSS 82.5% | KEV
CVE-2024-12856 | HIGH | Four-Faith Industrial Router adjust_sys_time OS Command Injection | EPSS 82.2%
CVE-2023-39362 | HIGH | Authenticated command injection in SNMP options of a Device | EPSS 82.2%
CVE-2024-8957 | HIGH | PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration | EPSS 82.0% | KEV
CVE-2023-1698 | CRITICAL | WAGO: WBM Command Injection in multiple products | EPSS 81.9%
CVE-2024-9464 | CRITICAL | Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure | EPSS 81.7%
CVE-2022-26258 | CRITICAL | D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | EPSS 81.2% | KEV
CVE-2020-26259 | MEDIUM | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling | EPSS 81.0%
CVE-2023-46359 | CRITICAL | An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attac | EPSS 80.9%
CVE-2020-10987 | CRITICAL | The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via t | EPSS 79.7% | KEV
CVE-2022-2487 | HIGH | WAVLINK WN535K2/WN535K3 nightled.cgi os command injection | EPSS 79.5%
CVE-2023-30253 | HIGH | Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in inject | EPSS 79.3%
CVE-2024-10915 | CRITICAL | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | EPSS 79.1%
CVE-2023-5684 | MEDIUM | Byzoro Smart S85F Management Platform importexport.php os command injection | EPSS 78.4%
CVE-2024-23108 | CRITICAL | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to | EPSS 78.4%