Weaknesses of type CWE-77
2,524 resultsCVE-2026-7600MEDIUMArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injectionEPSS 1.1%CVE-2026-5831MEDIUMAgions taskflow-ai terminal_execute handlers.ts os command injectionEPSS 1.1%CVE-2024-39028CRITICALAn issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.EPSS 1.1%CVE-2024-34792CRITICALWordPress Dextaz Ping plugin <= 0.65 - Remote Code Execution (RCE) vulnerabilityEPSS 1.1%CVE-2026-3680MEDIUMRyuzakiShinji biome-mcp-server biome-mcp-server.ts command injectionEPSS 1.1%CVE-2022-48255CRITICALThere is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerabilityEPSS 1.1%CVE-2025-44866MEDIUMTenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vEPSS 1.1%CVE-2025-44865MEDIUMTenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This EPSS 1.1%CVE-2026-26093HIGHImproper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opdsEPSS 1.1%CVE-2025-44867MEDIUMTenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameterEPSS 1.1%CVE-2025-44864MEDIUMTenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This EPSS 1.1%CVE-2017-12329—A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, locEPSS 1.1%CVE-2026-11449MEDIUMGL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injectionEPSS 1.1%CVE-2017-12330—A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attackEPSS 1.1%CVE-2026-21256HIGHGitHub Copilot and Visual Studio Remote Code Execution VulnerabilityEPSS 1.1%CVE-2022-41617HIGHBIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617EPSS 1.1%CVE-2024-48659CRITICALAn issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component.EPSS 1.1%CVE-2024-36138HIGHBypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childEPSS 1.1%CVE-2024-55414CRITICALA vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physEPSS 1.1%CVE-2023-0093HIGHOkta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowEPSS 1.1%