Weaknesses of type CWE-78

3,885 results
CVE-2025-53623HIGHJob Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator classEPSS 0.7%CVE-2025-57283HIGHThe Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not proEPSS 0.7%CVE-2024-20358MEDIUMA vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco FirepEPSS 0.7%CVE-2024-29167HIGHSVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commEPSS 0.7%CVE-2026-55743CRITICALOpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command executionEPSS 0.7%CVE-2021-0219MEDIUMJunos OS: Command injection vulnerability in 'request system software' CLI commandEPSS 0.7%CVE-2026-31246MEDIUMGPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the ExecuEPSS 0.7%CVE-2025-57771HIGHRoo-Code potential remote code execution via auto-execute command parsing flawEPSS 0.7%CVE-2023-33238HIGHCommand-injection Vulnerability in Certificate ManagementEPSS 0.7%CVE-2025-8473MEDIUMAlpine iLX-507 UPDM_wstpCBCUpdStart Command Injection VulnerabilityEPSS 0.7%CVE-2026-49980CRITICALRclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fixEPSS 0.7%CVE-2023-32568HIGHAn issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application doeEPSS 0.7%CVE-2026-35520HIGHPi-hole FTL affected by Remote Code Execution (RCE) via dhcp.leaseTime Newline InjectionEPSS 0.7%CVE-2023-36922CRITICALOS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)EPSS 0.7%CVE-2024-50809HIGHThe theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commandsEPSS 0.7%CVE-2024-36103MEDIUMOS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent atEPSS 0.7%CVE-2023-23356MEDIUMQuFirewallEPSS 0.7%CVE-2026-4496MEDIUMsigmade Git-MCP-Server gitUtils.ts child_process.exec os command injectionEPSS 0.7%CVE-2025-41683HIGHWeidmueller: Root Command Injection via Unsanitized Input in event_mail_test EndpointEPSS 0.7%CVE-2024-51251HIGHIn Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the baEPSS 0.7%