Weaknesses of type CWE-78
3,847 resultsCVE-2026-48778HIGHNotepad++: Arbitrary Code Execution via config.xml commandLineInterpreterEPSS 1.3%CVE-2026-7785MEDIUMA-G-U-P-T-A wireshark-mcp pyshark_mcp.py quick_capture os command injectionEPSS 1.3%CVE-2020-12149MEDIUMOS Command Injection - Management File UploadEPSS 1.3%CVE-2022-48580HIGHA command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled EPSS 1.3%CVE-2024-6917CRITICALRCE in Veribilim Software's Veribase Order ManagementEPSS 1.3%CVE-2026-35506HIGHELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processinEPSS 1.3%CVE-2025-48501CRITICALAn OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commanEPSS 1.3%CVE-2022-37878HIGHVulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands onEPSS 1.3%CVE-2026-42076CRITICALEvolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code ExecutionEPSS 1.3%CVE-2025-3361CRITICALHGiga iSherlock - OS Command InjectionEPSS 1.3%CVE-2024-12970LOWOS Command Injection in TUBITAK BILGEM's Pardus OS My ComputerEPSS 1.3%CVE-2025-3362CRITICALHGiga iSherlock - OS Command InjectionEPSS 1.3%CVE-2025-3363CRITICALHGiga iSherlock - OS Command InjectionEPSS 1.3%CVE-2025-34280HIGHNagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal FunctionEPSS 1.3%CVE-2026-0795HIGHALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution VulnerabilityEPSS 1.3%CVE-2024-42757CRITICALCommand injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat functionEPSS 1.3%CVE-2025-50946MEDIUMOS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.EPSS 1.3%CVE-2026-26189MEDIUMTrivy Action has a script injection via sourced env file in composite actionEPSS 1.3%CVE-2025-53100HIGHRestDB's Codehooks.io MCP Server Vulnerable to Command InjectionEPSS 1.3%CVE-2026-28292CRITICALsimple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCEEPSS 1.3%