Weaknesses of type CWE-78
3,885 resultsCVE-2025-13481HIGHIBM Aspera Orchestrator Command InjectionEPSS 0.4%CVE-2026-34168HIGHCoolify: Command injection via unsanitized persistent storage name in docker volume commandsEPSS 0.4%CVE-2026-34034HIGHCoolify: Host RCE via Sentinel token injectionEPSS 0.4%CVE-2026-34153HIGHCoolify LocalFileVolume fs_path command injection enables RCEEPSS 0.4%CVE-2022-47210HIGHThe default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, hoEPSS 0.4%CVE-2022-26868MEDIUMDell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potenEPSS 0.4%CVE-2025-9974HIGHInsufficient Input Validation on WEBUI in Nokia ONT/Beacon productEPSS 0.4%CVE-2025-55211MEDIUMFreePBX Post-Authenticated Command InjectionEPSS 0.4%CVE-2020-3457MEDIUMCisco FXOS Software Command Injection VulnerabilityEPSS 0.4%CVE-2023-31188HIGHMultiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are aEPSS 0.4%CVE-2025-27078MEDIUMAuthenticated Remote Command Execution caused by Insecure Function Usage in System BinaryEPSS 0.4%CVE-2025-22495HIGHAn improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result inEPSS 0.4%CVE-2025-64755HIGH@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File WritesEPSS 0.4%CVE-2025-43908MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.4%CVE-2025-70082CRITICALAn issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo cEPSS 0.4%CVE-2026-9207HIGHTanium addressed an unauthorized code execution vulnerability in Connect.EPSS 0.4%CVE-2026-39382CRITICALdbt has a Command Injection in Reusable Workflow via Unsanitized comment-body OutputEPSS 0.4%CVE-2026-45431HIGHCommand Injection Vulnerability in GX Earth ONT ModelsEPSS 0.4%CVE-2026-45777CRITICALOpen XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command InjectionEPSS 0.4%CVE-2023-34873HIGHOn MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which aEPSS 0.4%