Weaknesses of type CWE-78
3,877 resultsCVE-2018-0185—Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commandEPSS 0.6%CVE-2025-0356HIGHNEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands vEPSS 0.6%CVE-2023-44277HIGH
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in EPSS 0.6%CVE-2026-31177CRITICALAn issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinEPSS 0.6%CVE-2026-21418HIGHDell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command InjectiEPSS 0.6%CVE-2025-37126HIGHAuthenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line InterfaceEPSS 0.6%CVE-2026-22277HIGHDell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command InjectEPSS 0.6%CVE-2025-43942HIGHDell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command InjectionEPSS 0.6%CVE-2025-43939HIGHDell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command InjectionEPSS 0.6%CVE-2024-13087LOWQHoraEPSS 0.6%CVE-2021-3934HIGHOS Command Injection in ohmyzsh/ohmyzshEPSS 0.6%CVE-2025-0680CRITICALNew Rock Technologies Cloud Connected Devices has a Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.EPSS 0.6%CVE-2025-43940HIGHDell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command InjectionEPSS 0.6%CVE-2022-48593HIGHA SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled iEPSS 0.6%CVE-2022-48588HIGHA SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controllEPSS 0.6%CVE-2024-44072MEDIUMOS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management paEPSS 0.6%CVE-2025-41673HIGHRemote Command Injection in send_sms Action Due to Improper Input NeutralizationEPSS 0.6%CVE-2025-41675HIGHRemote Command Injection via GET in Cloud Server Communication Script Due to Improper Input NeutralizationEPSS 0.6%CVE-2025-41674HIGHRemote Command Injection in diagnostic Action Due to Improper Input NeutralizationEPSS 0.6%CVE-2025-26074CRITICALOrkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.EPSS 0.6%