Weaknesses of type CWE-78
3,890 resultsCVE-2022-38132HIGHCommand injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.EPSS 0.6%CVE-2026-40288CRITICALPraisonAI: Critical RCE via `type: job` workflow YAMLEPSS 0.6%CVE-2022-48598HIGHA SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controllEPSS 0.6%CVE-2022-48600HIGHA SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and paEPSS 0.6%CVE-2024-32118MEDIUMMultiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet ForEPSS 0.6%CVE-2022-48604HIGHA SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input anEPSS 0.6%CVE-2022-48587HIGHA SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input aEPSS 0.6%CVE-2022-48589HIGHA SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48602HIGHA SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48591HIGHA SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes uEPSS 0.6%CVE-2022-48594HIGHA SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48596HIGHA SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48599HIGHA SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48592HIGHA SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takesEPSS 0.6%CVE-2022-48601HIGHA SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inEPSS 0.6%CVE-2022-48597HIGHA SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inpEPSS 0.6%CVE-2022-48595HIGHA SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlleEPSS 0.6%CVE-2022-48586HIGHA SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and pEPSS 0.6%CVE-2022-48603HIGHA SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48585HIGHA SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled inpuEPSS 0.6%