Weaknesses of type CWE-78
3,797 resultsCVE-2024-53942MEDIUMAn issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command inEPSS 15.2%CVE-2023-23596HIGHjc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with EPSS 15.2%CVE-2025-7081MEDIUMBelkin F9K1122 webs formSetWanStatic os command injectionEPSS 15.1%CVE-2025-59366CRITICALAn authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba funcEPSS 15.1%CVE-2026-2131MEDIUMXixianLiang HarmonyOS-mcp-server input_text os command injectionEPSS 15.1%CVE-2023-5494MEDIUMByzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform download.php os command injectionEPSS 14.8%CVE-2025-6771HIGHOS command injection in Ivanti Endpoint ManagerEPSS 14.8%CVE-2025-14092MEDIUMEdimax BR-6478AC V3 formDebugDiagnosticRun sub_416898 os command injectionEPSS 14.7%CVE-2024-9054HIGHRemote code Execution inTimeProvider® 4100EPSS 14.6%CVE-2024-3799HIGHShell command injection in PhonieboxEPSS 14.6%CVE-2022-20650HIGHCisco NX-OS Software NX-API Command Injection VulnerabilityEPSS 14.5%CVE-2025-47228MEDIUMIn the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows aEPSS 14.4%CVE-2023-23369CRITICALQTS, Multimedia Console, and Media Streaming add-onEPSS 14.4%CVE-2026-6195CRITICALTotolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injectionEPSS 14.3%CVE-2026-5853CRITICALTotolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injectionEPSS 14.3%CVE-2026-5852CRITICALTotolink A7100RU CGI cstecgi.cgi setIptvCfg os command injectionEPSS 14.3%CVE-2026-4631CRITICALCockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injectionEPSS 14.2%CVE-2026-6483HIGHWavlink WL-WN530H4 internet.cgi snprintf os command injectionEPSS 14.1%CVE-2026-5851CRITICALTotolink A7100RU CGI cstecgi.cgi setUPnPCfg os command injectionEPSS 14.1%CVE-2022-43548HIGHA OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost cEPSS 14.0%