Weaknesses of type CWE-78
3,891 resultsCVE-2025-47203MEDIUMdbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.EPSS 0.6%CVE-2026-9863HIGHCore Privileged Access Manager (BoKS) upgrade tooling command injection vulnerabilityEPSS 0.6%CVE-2026-31181CRITICALAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunSerEPSS 0.6%CVE-2026-31178CRITICALAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxEPSS 0.6%CVE-2024-5400HIGHOpenfind Mail2000 - OS Command InjectionEPSS 0.6%CVE-2022-4515HIGHA flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename spEPSS 0.6%CVE-2024-56497MEDIUMAn improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7EPSS 0.6%CVE-2026-9560CRITICALPrivilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands wEPSS 0.6%CVE-2025-10622HIGHForeman: os command injection via ct_location and fcct_location parametersEPSS 0.6%CVE-2026-31019HIGHIn the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functEPSS 0.6%CVE-2026-35072MEDIUMDell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versionsEPSS 0.6%CVE-2026-35074MEDIUMDell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versionsEPSS 0.6%CVE-2026-35073MEDIUMDell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versionsEPSS 0.6%CVE-2026-31994MEDIUMOpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script GenerationEPSS 0.6%CVE-2024-31481MEDIUMUnauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of EPSS 0.6%CVE-2026-25855HIGHOpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script UploadEPSS 0.6%CVE-2024-31479MEDIUMUnauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. SuccessfEPSS 0.6%CVE-2024-31480MEDIUMUnauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of EPSS 0.6%CVE-2021-32475—ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3EPSS 0.6%CVE-2026-25053CRITICALn8n is Vulnerable to OS Command Injection in Git NodeEPSS 0.6%