Weaknesses of type CWE-77

2,525 results
CVE-2025-69201HIGHTugtainer has RCE in Agent Command Execution ApiEPSS 0.4%CVE-2024-53672MEDIUMAuthenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management InterfaceEPSS 0.4%CVE-2024-9579HIGHCertain Poly Video Conference Devices – Potential Remote Code ExecutionEPSS 0.4%CVE-2024-56836HIGHA vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEEPSS 0.4%CVE-2024-23247HIGHThe issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5EPSS 0.4%CVE-2023-0978MEDIUM A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and executeEPSS 0.4%CVE-2025-25792MEDIUMSeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.EPSS 0.4%CVE-2025-46365MEDIUMDell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to causeEPSS 0.4%CVE-2026-21638HIGHA malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote EPSS 0.4%CVE-2025-56426MEDIUMAn issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the priEPSS 0.4%CVE-2025-52483HIGHRegistrator.jl Vulnerable to Argument Injection and Command InjectionEPSS 0.4%CVE-2025-55848HIGHAn issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_cassEPSS 0.4%CVE-2025-43714MEDIUMThe ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a cEPSS 0.4%CVE-2025-50891HIGHThe server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijaEPSS 0.4%CVE-2025-44023MEDIUMAn issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_adEPSS 0.4%CVE-2019-16011HIGHCisco IOS XE SD-WAN Software Command Injection VulnerabilityEPSS 0.4%CVE-2024-51257HIGHDrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the EPSS 0.4%CVE-2024-51255CRITICALDrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the EPSS 0.4%CVE-2026-8431CRITICALOps Manager RCE via webhook bodyEPSS 0.4%CVE-2022-29256MEDIUMPossible vulnerability at 'npm install' time in sharp if an attacker has control over build environmentEPSS 0.4%