Weaknesses of type CWE-78

3,885 results
CVE-2024-51251HIGHIn Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the baEPSS 0.7%CVE-2026-5619MEDIUMBraffolk mcp-summarization-functions summarize_command mcp-server.ts os command injectionEPSS 0.7%CVE-2026-5621MEDIUMChrisChinchilla Vale-MCP HTTP index.ts os command injectionEPSS 0.7%CVE-2024-13892HIGHCommand Injection in Smartwares camerasEPSS 0.7%CVE-2023-37863HIGHPHOENIX CONTACT: OS Command Injection in WP 6xxx Web panelsEPSS 0.7%CVE-2025-9494HIGHViessmann Vitogate 300 OS Command InjectionEPSS 0.7%CVE-2023-35850HIGHSUNNET WMPro - Command InjectionEPSS 0.7%CVE-2026-46735HIGHDell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS EPSS 0.7%CVE-2026-33791HIGHJunos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as rootEPSS 0.7%CVE-2026-34176HIGHKnowledge Appliance mode iControl REST vulnerabilityEPSS 0.7%CVE-2025-52994MEDIUMgif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7EPSS 0.7%CVE-2023-34139HIGHA command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 PatEPSS 0.7%CVE-2024-26258HIGHOS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OEPSS 0.7%CVE-2026-25063HIGHgradle-completion has a Bash command injection issueEPSS 0.7%CVE-2024-30414HIGHCommand injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confiEPSS 0.7%CVE-2026-35518HIGHPi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline InjectionEPSS 0.7%CVE-2022-39057HIGHChanging Information Technology Inc. RAVA certificate validation system - Command InjectionEPSS 0.7%CVE-2022-26413HIGHA command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticatedEPSS 0.7%CVE-2026-35521HIGHPi-hole FTL affected by Remote Code Execution (RCE) via dhcp.hosts Newline InjectionEPSS 0.7%CVE-2025-65480HIGHAn issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are exEPSS 0.7%