Weaknesses of type CWE-78

3,891 results
CVE-2025-43939HIGHDell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command InjectionEPSS 0.6%CVE-2025-43942HIGHDell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command InjectionEPSS 0.6%CVE-2022-48593HIGHA SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48588HIGHA SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controllEPSS 0.6%CVE-2024-44072MEDIUMOS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management paEPSS 0.6%CVE-2025-41674HIGHRemote Command Injection in diagnostic Action Due to Improper Input NeutralizationEPSS 0.6%CVE-2025-29534HIGHAn authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentiaEPSS 0.6%CVE-2025-26074CRITICALOrkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.EPSS 0.6%CVE-2025-41673HIGHRemote Command Injection in send_sms Action Due to Improper Input NeutralizationEPSS 0.6%CVE-2025-41675HIGHRemote Command Injection via GET in Cloud Server Communication Script Due to Improper Input NeutralizationEPSS 0.6%CVE-2023-27198MEDIUMPAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and inclEPSS 0.6%CVE-2026-41208HIGHPaperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command ExecutionEPSS 0.6%CVE-2026-28673HIGHxiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation)EPSS 0.6%CVE-2020-13712HIGHMGOS Command InjectionEPSS 0.6%CVE-2025-66626HIGHargoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic linksEPSS 0.6%CVE-2026-34714CRITICALVim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr}EPSS 0.6%CVE-2023-24422HIGHA sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackerEPSS 0.6%CVE-2025-12744HIGHAbrt: command-injection in abrt leading to local privilege escalationEPSS 0.6%CVE-2025-52626MEDIUMHCL AION is susceptible to Potential Command Injection vulnerabilityEPSS 0.6%CVE-2025-51958CRITICALaelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/pluginEPSS 0.6%