Weaknesses of type CWE-78
3,891 resultsCVE-2026-42994HIGHBitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to EPSS 0.3%CVE-2026-45255HIGHRemote code execution via installer Wi-Fi access point scansEPSS 0.3%CVE-2026-45564HIGHRoxy-WI: Authenticated RCE via 'configver' URL parameter (os.system sink in /config/versions/.../save)EPSS 0.3%CVE-2026-32948MEDIUMsbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on WindowsEPSS 0.3%CVE-2025-24938HIGHInsufficient Validation of Input while user creationEPSS 0.3%CVE-2021-34728HIGHCisco IOS XR Software Authenticated User Privilege Escalation VulnerabilitiesEPSS 0.3%CVE-2024-47918MEDIUMTiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)EPSS 0.3%CVE-2021-1529HIGHCisco IOS XE SD-WAN Software Command Injection VulnerabilityEPSS 0.3%CVE-2026-44666CRITICALHRConvert2: Missing Sanitization enables Unauthenticated Remote Command ExecutionEPSS 0.3%CVE-2026-44932HIGHindirect remote shell command injection via unsanitized DHCP options in wickedEPSS 0.3%CVE-2026-30309HIGHInfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism cEPSS 0.3%CVE-2026-44465HIGHZed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/configEPSS 0.3%CVE-2026-12161HIGHImproper input validation in the SSH Elevate Shell feature in
Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user
witEPSS 0.3%CVE-2025-36354HIGHIBM Security Verify Access command executionEPSS 0.3%CVE-2026-45750CRITICALTermix Vulnerable to Arbitrary Command Execution in File ManagerEPSS 0.3%CVE-2021-3459MEDIUMA privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access aEPSS 0.3%CVE-2025-27234HIGHZabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.EPSS 0.3%CVE-2026-0654HIGHCommand injection on TP-Link Deco BE25EPSS 0.3%CVE-2025-1038HIGHThe “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticaEPSS 0.3%CVE-2026-46399CRITICALAuthenticated Remote Code Execution via File OverwriteEPSS 0.3%