Weaknesses of type CWE-77
2,524 resultsCVE-2024-49194HIGHDatabricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL pEPSS 0.7%CVE-2026-22785CRITICALorval MCP client is vulnerable to a code injection attack.EPSS 0.7%CVE-2026-32194CRITICALMicrosoft Bing Images Remote Code Execution VulnerabilityEPSS 0.7%CVE-2024-48830HIGHDell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special ElementsEPSS 0.7%CVE-2025-25796MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.EPSS 0.7%CVE-2025-25802MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.EPSS 0.7%CVE-2025-25813MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.EPSS 0.7%CVE-2025-25797MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.EPSS 0.7%CVE-2025-25794MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.EPSS 0.7%CVE-2025-25793MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.EPSS 0.7%CVE-2017-12339—A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attackEPSS 0.7%CVE-2024-49557HIGHDell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special ElementsEPSS 0.7%CVE-2025-65292HIGHCommand injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attEPSS 0.7%CVE-2023-23356MEDIUMQuFirewallEPSS 0.7%CVE-2026-4496MEDIUMsigmade Git-MCP-Server gitUtils.ts child_process.exec os command injectionEPSS 0.7%CVE-2026-5619MEDIUMBraffolk mcp-summarization-functions summarize_command mcp-server.ts os command injectionEPSS 0.7%CVE-2026-5621MEDIUMChrisChinchilla Vale-MCP HTTP index.ts os command injectionEPSS 0.7%CVE-2024-39703HIGHIn ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API eEPSS 0.7%CVE-2024-24550HIGHBludit - Remote Code Execution (RCE) through File APIEPSS 0.7%CVE-2025-67397CRITICALAn issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific pEPSS 0.7%