Weaknesses of type CWE-77

2,525 results
CVE-2026-45558CRITICALRoxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section saveEPSS 0.4%CVE-2026-23862HIGHDell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command InjEPSS 0.4%CVE-2024-53919HIGHAn injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allEPSS 0.4%CVE-2026-26133HIGHM365 Copilot Information Disclosure VulnerabilityEPSS 0.4%CVE-2024-51736NONECommand execution hijack on Windows with Process class in symfony/processEPSS 0.4%CVE-2026-42257MEDIUMnet-imap: Command Injection via "raw" arguments to multiple commandsEPSS 0.4%CVE-2020-3210MEDIUMCisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection VulnerabilityEPSS 0.4%CVE-2024-28328MEDIUMCSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client namEPSS 0.4%CVE-2024-48141HIGHA prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsEPSS 0.4%CVE-2026-41611HIGHVisual Studio Code Remote Code Execution VulnerabilityEPSS 0.4%CVE-2025-29154MEDIUMHTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/tedEPSS 0.4%CVE-2025-60801HIGHjshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp functionEPSS 0.4%CVE-2026-41090CRITICALMicrosoft Copilot Tampering VulnerabilityEPSS 0.4%CVE-2022-42906HIGHpowerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository confEPSS 0.4%CVE-2024-48142HIGHA prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access anEPSS 0.4%CVE-2024-34713LOWsshproxy vulnerable to SSH option injectionEPSS 0.4%CVE-2026-21522MEDIUMMicrosoft ACI Confidential Containers Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2024-51254HIGHDrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the EPSS 0.4%CVE-2024-48140HIGHA prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackeEPSS 0.4%CVE-2024-38903MEDIUMH3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.EPSS 0.4%