Weaknesses of type CWE-78

3,891 results
CVE-2026-35071HIGHDell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS EPSS 0.5%CVE-2026-49813MEDIUMDell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1EPSS 0.5%CVE-2024-11681MEDIUMRemote Code Execution in MacPortsEPSS 0.5%CVE-2019-1775MEDIUMCisco NX-OS Software Command Injection VulnerabilityEPSS 0.5%CVE-2019-1774MEDIUMCisco NX-OS Software Command Injection VulnerabilityEPSS 0.5%CVE-2026-24129HIGHRuntipi is Vulnerable to Authenticated Arbitrary Remote Code ExecutionEPSS 0.5%CVE-2024-32123MEDIUMMultiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer EPSS 0.5%CVE-2026-43685HIGHA Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating sEPSS 0.5%CVE-2022-22298MEDIUMA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIEPSS 0.5%CVE-2022-34437MEDIUMDell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentiaEPSS 0.5%CVE-2026-49366HIGHIn JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completionEPSS 0.5%CVE-2026-22902MEDIUMQuNetSwitchEPSS 0.5%CVE-2024-50376HIGHA CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devicEPSS 0.5%CVE-2026-54483MEDIUMDell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1EPSS 0.5%CVE-2026-46746HIGHA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input iEPSS 0.5%CVE-2024-53992HIGHunzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video uploadEPSS 0.5%CVE-2025-67164CRITICALAn authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arEPSS 0.4%CVE-2026-41036HIGHCommand Injection Vulnerability in Quantum Networks Router QN-I-470EPSS 0.4%CVE-2019-1770MEDIUMCisco NX-OS Software Command Injection VulnerabilityEPSS 0.4%CVE-2026-34940HIGHKubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model podsEPSS 0.4%