Weaknesses of type CWE-78
3,887 resultsCVE-2026-23816HIGHAuthenticated Command Injection found in admin AOS-CX CLI commandEPSS 0.7%CVE-2025-66203CRITICALStreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration InjectionEPSS 0.7%CVE-2024-51253HIGHIn Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doEPSS 0.7%CVE-2024-33368HIGHAn issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScEPSS 0.7%CVE-2024-51249HIGHIn Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reEPSS 0.7%CVE-2025-8655MEDIUMKenwood DMX958XR libSystemLib Command injection Remote Code Execution VulnerabilityEPSS 0.7%CVE-2025-8652MEDIUMKenwood DMX958XR JKWifiService Command Injection Remote Code Execution VulnerabilityEPSS 0.7%CVE-2025-8649MEDIUMKenwood DMX958XR JKWifiService Command Injection Remote Code Execution VulnerabilityEPSS 0.7%CVE-2025-8650MEDIUMKenwood DMX958XR libSystemLib Command Injection Remote Code Execution VulnerabilityEPSS 0.7%CVE-2025-8651MEDIUMKenwood DMX958XR JKWifiService Command Injection Remote Code Execution VulnerabilityEPSS 0.7%CVE-2021-1421HIGHCisco Enterprise NFV Infrastructure Software Command Injection VulnerabilityEPSS 0.7%CVE-2025-27393HIGHA vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitizEPSS 0.7%CVE-2025-27394HIGHA vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitizEPSS 0.7%CVE-2024-50361HIGHA CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the followingEPSS 0.7%CVE-2025-27392HIGHA vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitizEPSS 0.7%CVE-2023-4856HIGH
A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a EPSS 0.7%CVE-2026-35018HIGHNetComm NF20MESH < R6B032 Authenticated RCE via OS Command InjectionEPSS 0.7%CVE-2024-51465HIGHIBM App Connect Enterprise Certified Container command executionEPSS 0.7%CVE-2019-1699MEDIUMCisco Firepower Threat Defense Software Command Injection VulnerabilityEPSS 0.7%CVE-2025-23316CRITICALNVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote EPSS 0.7%