Weaknesses of type CWE-77
2,525 resultsCVE-2025-55372MEDIUMAn arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafteEPSS 0.3%CVE-2023-0628MEDIUMDocker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URLEPSS 0.3%CVE-2025-26262MEDIUMAn issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execEPSS 0.3%CVE-2025-57733MEDIUMIn JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email contentEPSS 0.3%CVE-2026-30615HIGHA prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When WindsuEPSS 0.3%CVE-2021-1488MEDIUMCisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection VulnerabilityEPSS 0.3%CVE-2025-43948HIGHCodemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier (such as EPSS 0.3%CVE-2024-57337MEDIUMAn arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.9EPSS 0.3%CVE-2026-41153MEDIUMIn JetBrains Junie before 252.549.29 command execution was possible via malicious project fileEPSS 0.3%CVE-2024-57338MEDIUMAn arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allowEPSS 0.3%CVE-2025-68433HIGHZed IDE MCP Context Server Configuration Arbitrary Code ExecutionEPSS 0.3%CVE-2025-59815HIGHAuthenticated Remote Code Execution in the Billing Administration portalEPSS 0.3%CVE-2026-41953HIGHBIG-IP Privilege Escalation vulnerabilityEPSS 0.2%CVE-2025-31951HIGHHCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerabilityEPSS 0.2%CVE-2025-20258MEDIUMA vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emEPSS 0.2%CVE-2025-50515MEDIUMAn issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the coEPSS 0.2%CVE-2026-42000MEDIUMInsufficient Validation of Names During AXFREPSS 0.2%CVE-2024-8405MEDIUMArbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attackEPSS 0.2%CVE-2021-21595MEDIUMDell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerEPSS 0.2%CVE-2025-60838MEDIUMAn arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.EPSS 0.2%