Weaknesses of type CWE-78
3,880 resultsCVE-2026-40088CRITICALImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonaiEPSS 0.4%CVE-2020-29499MEDIUMDell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally auEPSS 0.4%CVE-2017-15108—spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with accesEPSS 0.4%CVE-2026-27566HIGHOpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.runEPSS 0.4%CVE-2024-48954MEDIUMAn issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to ReEPSS 0.4%CVE-2023-40357HIGHMultiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are aEPSS 0.4%CVE-2024-51246HIGHIn Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doEPSS 0.4%CVE-2025-36245HIGHIBM InfoSphere Information Server command executionEPSS 0.4%CVE-2026-27965HIGHVitess users with backup storage access can gain unauthorized access to production deployment environmentsEPSS 0.4%CVE-2026-20206MEDIUMCisco ThousandEyes BrowserBot Command Injection VulnerabilityEPSS 0.4%CVE-2020-12774HIGHD-Link DSL-7740C - Command InjectionEPSS 0.4%CVE-2025-58370HIGHRoo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect ReferenceEPSS 0.4%CVE-2019-1883HIGHCisco Integrated Management Controller CLI Command Injection VulnerabilityEPSS 0.4%CVE-2024-27920HIGHUnsigned code template execution through workflows in projectdiscovery/nucleiEPSS 0.4%CVE-2026-11834HIGHUnauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link RoutersEPSS 0.4%CVE-2025-53868HIGHBIG-IP SCP and SFTP vulnerabilityEPSS 0.4%CVE-2025-47782HIGHmotionEye vulnerable to RCE in add_camera Function Due to unsafe command executionEPSS 0.4%CVE-2022-35642MEDIUM"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScriptEPSS 0.4%CVE-2022-35849HIGHAn improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 thEPSS 0.4%CVE-2025-13481HIGHIBM Aspera Orchestrator Command InjectionEPSS 0.4%