Weaknesses of type CWE-77
2,525 resultsCVE-2023-51295MEDIUMPHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, tEPSS 0.3%CVE-2025-15367MEDIUMPOP3 command injection in user-controlled commandsEPSS 0.3%CVE-2025-15366MEDIUMIMAP command injection in user-controlled commandsEPSS 0.3%CVE-2024-45989MEDIUMMonica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injectiEPSS 0.3%CVE-2025-56769MEDIUMAn issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary methEPSS 0.3%CVE-2024-55466MEDIUMAn arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 EPSS 0.3%CVE-2024-4944HIGHMobile VPN with SSL Local Privilege Escalation VulnerabilityEPSS 0.3%CVE-2025-27954MEDIUMAn issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code viaEPSS 0.3%CVE-2025-63604MEDIUMA code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficiEPSS 0.3%CVE-2025-27953MEDIUMAn issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code viaEPSS 0.3%CVE-2021-27702HIGHSercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard.EPSS 0.3%CVE-2025-63258MEDIUMA remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gatewaysEPSS 0.3%CVE-2022-3086HIGHCradlepoint IBR600 Command InjectionEPSS 0.3%CVE-2025-45512MEDIUMA lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install craftEPSS 0.3%CVE-2022-20665MEDIUMCisco StarOS Command Injection VulnerabilityEPSS 0.3%CVE-2025-25766MEDIUMAn arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uplEPSS 0.3%CVE-2024-38831HIGHLocal privilege escalation vulnerability (CVE-2024-38831)EPSS 0.3%CVE-2025-45317MEDIUMA zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a cEPSS 0.3%CVE-2025-60595HIGHSPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution.EPSS 0.3%CVE-2026-4786HIGHIncomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()EPSS 0.3%