Weaknesses of type CWE-77

2,524 results
CVE-2023-26429LOWControl characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedEPSS 0.8%CVE-2025-25691MEDIUMA PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a cEPSS 0.8%CVE-2024-42025HIGHA Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and eaEPSS 0.8%CVE-2024-45066CRITICALDover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command InjectionEPSS 0.8%CVE-2024-43693CRITICALDover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command InjectionEPSS 0.8%CVE-2025-22472HIGHDell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special ElementsEPSS 0.8%CVE-2025-45493MEDIUMNetgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.EPSS 0.8%CVE-2024-7700MEDIUMForeman: command injection in "host init config" template via "install packages" field on foremanEPSS 0.8%CVE-2024-36073HIGHNetwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowEPSS 0.8%CVE-2023-28677CRITICALJenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build SEPSS 0.8%CVE-2026-3964MEDIUMOpenAkita Chat API Endpoint shell.py run os command injectionEPSS 0.8%CVE-2025-63603MEDIUMA command injection vulnerability exists in the MCP Data Science Server's (reading-plus-ai/mcp-server-data-exploration) 0.1.6 in the safe_evEPSS 0.8%CVE-2023-38690MEDIUMmatrix-appservice-irc IRC command injection via admin commands containing newlines EPSS 0.8%CVE-2024-46084HIGHScriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.EPSS 0.8%CVE-2021-4406CRITICALAuthenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and othersEPSS 0.8%CVE-2024-45348MEDIUMXiaomi Router AX9000 has a post-authorization command injection vulnerabilityEPSS 0.8%CVE-2026-30898HIGHApache Airflow: Bad example of BashOperator shell injection via dag_run.confEPSS 0.8%CVE-2023-52038CRITICALAn issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.EPSS 0.8%CVE-2023-52039CRITICALAn issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.EPSS 0.8%CVE-2025-25692MEDIUMA PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a craftEPSS 0.8%