Weaknesses of type CWE-78

3,891 results
CVE-2025-11546CRITICALCLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleSeEPSS 0.4%CVE-2026-27626CRITICALOliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checksEPSS 0.4%CVE-2025-54941MEDIUMApache Airflow: Command injection in "example_dag_decorator"EPSS 0.4%CVE-2021-1584MEDIUMCisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation VulnerabilityEPSS 0.4%CVE-2019-1745HIGHCisco IOS XE Software Command Injection VulnerabilityEPSS 0.4%CVE-2024-21821HIGHMultiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute aEPSS 0.4%CVE-2026-6281HIGHA potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the locEPSS 0.4%CVE-2023-3571HIGHPHOENIX CONTACT: OS Command Injection in WP 6xxx Web panelsEPSS 0.4%CVE-2020-3169MEDIUMCisco FXOS Software CLI Command Injection VulnerabilityEPSS 0.4%CVE-2018-0115A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attackEPSS 0.4%CVE-2017-6796A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an aEPSS 0.4%CVE-2020-1734HIGHA flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() wiEPSS 0.4%CVE-2026-20036MEDIUMCisco UCS Manager Software Command Injection VulnerabilityEPSS 0.4%CVE-2022-41751HIGHJhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 oEPSS 0.4%CVE-2025-11571LOWCommand Execution vulnerability in Simplicity InstallerEPSS 0.4%CVE-2025-40947HIGHA vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEEPSS 0.4%CVE-2024-4696HIGHA privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commaEPSS 0.4%CVE-2026-59726CRITICALRuflo: Unauthenticated RCE in MCP bridge default docker-compose deploymentEPSS 0.4%CVE-2025-15559CRITICALUnauthenticated OS Command Injection in NesterSoft WorkTimeEPSS 0.4%CVE-2025-30097MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.4%