Weaknesses of type CWE-78
3,885 resultsCVE-2023-25507HIGHNVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbiEPSS 0.9%CVE-2025-59783HIGHOS Command Injection over APIEPSS 0.9%CVE-2021-3061MEDIUMPAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)EPSS 0.9%CVE-2026-35517HIGHPi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline InjectionEPSS 0.9%CVE-2022-22555MEDIUMDell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulneraEPSS 0.9%CVE-2026-4157HIGHChargePoint Home Flex revssh Service Command Injection Remote Code Execution VulnerabilityEPSS 0.9%CVE-2026-25546HIGHGodot MCP is vulnerable to Command Injection via unsanitized projectPathEPSS 0.9%CVE-2024-39607MEDIUMOS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product byEPSS 0.9%CVE-2026-41113HIGHsagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.EPSS 0.9%CVE-2023-25555MEDIUM
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability exists thaEPSS 0.9%CVE-2026-9277CRITICALshell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`EPSS 0.8%CVE-2025-54958MEDIUMPowered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary EPSS 0.8%CVE-2021-0218HIGHJunos OS: Command injection vulnerability in license-check daemonEPSS 0.8%CVE-2023-44092HIGHOS Command InjectionEPSS 0.8%CVE-2024-53692MEDIUMQTS, QuTS heroEPSS 0.8%CVE-2022-25597HIGHASUS RT-AC86U - Command InjectionEPSS 0.8%CVE-2024-10035CRITICALCode Injection in BG-TEK's CoslatV3EPSS 0.8%CVE-2026-3828HIGHSome Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficieEPSS 0.8%CVE-2026-45662HIGHDokploy: Command Injection via incomplete shell escaping in docker logout (registry deletion)EPSS 0.8%CVE-2023-34334HIGHAMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
whEPSS 0.8%