Weaknesses of type CWE-77
2,525 resultsCVE-2024-22246HIGHVMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.
A malicious acEPSS 0.4%CVE-2023-49587MEDIUMCommand Injection vulnerability in SAP Solution ManagerEPSS 0.4%CVE-2024-4712HIGHArbitrary File Creation in PaperCut NG/MF Web Print Image HandlerEPSS 0.4%CVE-2026-30624HIGHAgent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows usEPSS 0.4%CVE-2025-24049HIGHAzure Command Line Integration (CLI) Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2025-31710MEDIUMIn engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privEPSS 0.4%CVE-2024-57685MEDIUMAn issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.EPSS 0.4%CVE-2025-29155MEDIUMAn issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpointEPSS 0.4%CVE-2024-51317MEDIUMAn issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize functionEPSS 0.4%CVE-2025-25796MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.EPSS 0.4%CVE-2025-25793MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.EPSS 0.4%CVE-2025-25802MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.EPSS 0.4%CVE-2025-25797MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.EPSS 0.4%CVE-2025-25794MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.EPSS 0.4%CVE-2025-25813MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.EPSS 0.4%CVE-2025-51472MEDIUMCode Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python EPSS 0.4%CVE-2024-56086HIGHAn issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the bEPSS 0.4%CVE-2026-42895MEDIUMMicrosoft Copilot Tampering VulnerabilityEPSS 0.4%CVE-2026-42893HIGHMicrosoft Outlook for iOS Tampering VulnerabilityEPSS 0.4%CVE-2022-20345MEDIUMIn l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote coEPSS 0.4%