Weaknesses of type CWE-78
3,869 resultsCVE-2026-4157HIGHChargePoint Home Flex revssh Service Command Injection Remote Code Execution VulnerabilityEPSS 0.9%CVE-2026-25546HIGHGodot MCP is vulnerable to Command Injection via unsanitized projectPathEPSS 0.9%CVE-2024-39607MEDIUMOS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product byEPSS 0.9%CVE-2026-41113HIGHsagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.EPSS 0.9%CVE-2023-25555MEDIUM
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability exists thaEPSS 0.9%CVE-2025-54958MEDIUMPowered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary EPSS 0.8%CVE-2021-0218HIGHJunos OS: Command injection vulnerability in license-check daemonEPSS 0.8%CVE-2026-9277CRITICALshell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`EPSS 0.8%CVE-2023-44092HIGHOS Command InjectionEPSS 0.8%CVE-2024-53692MEDIUMQTS, QuTS heroEPSS 0.8%CVE-2026-3828HIGHSome Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficieEPSS 0.8%CVE-2022-25597HIGHASUS RT-AC86U - Command InjectionEPSS 0.8%CVE-2024-10035CRITICALCode Injection in BG-TEK's CoslatV3EPSS 0.8%CVE-2026-45662HIGHDokploy: Command Injection via incomplete shell escaping in docker logout (registry deletion)EPSS 0.8%CVE-2023-34334HIGHAMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
whEPSS 0.8%CVE-2023-34343HIGHAMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
whEPSS 0.8%CVE-2022-31232HIGHSmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially expEPSS 0.8%CVE-2025-67264HIGHAn OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local atEPSS 0.8%CVE-2024-25579MEDIUMOS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to exeEPSS 0.8%CVE-2024-0170HIGH
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could EPSS 0.8%