Weaknesses of type CWE-77
2,525 resultsCVE-2025-52337MEDIUMAn authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attEPSS 0.3%CVE-2024-29435MEDIUMAn issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.EPSS 0.3%CVE-2022-46361MEDIUMPhysical access to the WDM enables use of USB device to gain access to the WDMEPSS 0.3%CVE-2026-42850HIGHKitty has a shell command injectionEPSS 0.3%CVE-2025-63296MEDIUMKERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: durinEPSS 0.3%CVE-2025-54964HIGHAn issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrEPSS 0.3%CVE-2024-56087MEDIUMAn issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These arEPSS 0.3%CVE-2025-45009MEDIUMA HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerEPSS 0.3%CVE-2025-45010MEDIUMA HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System EPSS 0.3%CVE-2025-45011MEDIUMA HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulEPSS 0.3%CVE-2024-56085MEDIUMAn issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These arEPSS 0.3%CVE-2026-40068HIGHClaude Code arbitrary code execution via git worktree commondir trust dialog bypassEPSS 0.3%CVE-2025-59376LOWfeiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-deleEPSS 0.3%CVE-2024-54681LOWOssur Mobile Logic Application Command InjectionEPSS 0.3%CVE-2026-31171MEDIUMAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parEPSS 0.3%CVE-2026-31159MEDIUMAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the passworEPSS 0.3%CVE-2026-31160MEDIUMAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provideEPSS 0.3%CVE-2026-31176MEDIUMAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_usEPSS 0.3%CVE-2026-31167MEDIUMAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode paEPSS 0.3%CVE-2026-31174MEDIUMAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEEPSS 0.3%