Weaknesses of type CWE-78
3,891 resultsCVE-2026-28460MEDIUMOpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.runEPSS 0.4%CVE-2026-45558CRITICALRoxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section saveEPSS 0.4%CVE-2025-30097MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.4%CVE-2025-30096MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.4%CVE-2020-3173HIGHCisco UCS Manager Software Local Management CLI Command Injection VulnerabilityEPSS 0.4%CVE-2026-31862CRITICALCloud CLI has Command Injection via Multiple ParametersEPSS 0.4%CVE-2026-39938CRITICALCacti: Unauthenticated RCE on Graph ImageEPSS 0.4%CVE-2026-54699HIGHWarp: OS command injection when opening terminal links from WSLEPSS 0.4%CVE-2026-42143HIGHCoolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed ServersEPSS 0.4%CVE-2024-54025MEDIUMAn improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolatEPSS 0.4%CVE-2025-30099HIGHDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releasEPSS 0.4%CVE-2025-55284HIGHClaude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude CodeEPSS 0.4%CVE-2026-29607HIGHOpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper PersistenceEPSS 0.4%CVE-2024-48963HIGHThe package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggeEPSS 0.4%CVE-2025-54469CRITICALNeuVector Enforcer is vulnerable to Command Injection and Buffer overflowEPSS 0.4%CVE-2024-48964HIGHThe package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triEPSS 0.4%CVE-2025-20319MEDIUMRemote Command Execution through Scripted Input Files in Splunk EnterpriseEPSS 0.4%CVE-2026-42853MEDIUM@apostrophecms/cli: Command Injection in apos create via Unsanitized Password InputEPSS 0.4%CVE-2026-33310HIGHIntake has a Command Injection via shell() Expansion in Parameter DefaultsEPSS 0.4%CVE-2026-27113MEDIUMLiquid Prompt arbitrary command injection via crafted Git branch names in gitstatusd backendEPSS 0.4%