Weaknesses of type CWE-78

3,891 results
CVE-2026-33310HIGHIntake has a Command Injection via shell() Expansion in Parameter DefaultsEPSS 0.4%CVE-2025-23344HIGHThe NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the platform host as a non-privileged user. A succesEPSS 0.4%CVE-2022-35976MEDIUMImproper KubeConfig handling allows arbitrary code executionEPSS 0.4%CVE-2025-27078MEDIUMAuthenticated Remote Command Execution caused by Insecure Function Usage in System BinaryEPSS 0.4%CVE-2026-49190CRITICALMissing Per-Instruction Authorization ChecksEPSS 0.4%CVE-2025-5459HIGHOS Command InjectionEPSS 0.4%CVE-2019-12717MEDIUMCisco NX-OS Software Virtualization Manager Command Injection VulnerabilityEPSS 0.4%CVE-2025-66572MEDIUMLoaded Commerce 6.6 Client-Side Template Injection (CSTI)EPSS 0.4%CVE-2024-5461HIGHCommand or parameter injection via unique embedded switch SNMP commands.EPSS 0.4%CVE-2024-44759HIGHAn arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to dowEPSS 0.4%CVE-2026-9208HIGHTanium addressed an unauthorized code execution vulnerability in Connect.EPSS 0.4%CVE-2025-65074HIGHOS Command Injection via Path Traversal in WaveStore ServerEPSS 0.4%CVE-2019-1879MEDIUMCisco Integrated Management Controller CLI Command Injection VulnerabilityEPSS 0.4%CVE-2026-3692HIGHUnintended command execution during report generation in Progress FlowmonEPSS 0.4%CVE-2026-27566HIGHOpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.runEPSS 0.4%CVE-2026-40088CRITICALImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonaiEPSS 0.4%CVE-2020-29499MEDIUMDell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally auEPSS 0.4%CVE-2025-13481HIGHIBM Aspera Orchestrator Command InjectionEPSS 0.4%CVE-2017-15108spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with accesEPSS 0.4%CVE-2023-40357HIGHMultiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are aEPSS 0.4%