Weaknesses of type CWE-78
3,885 resultsCVE-2026-34152HIGHCoolify: Command Injection via Newline in Pre/Post Deployment Commands (Heredoc Transport)EPSS 0.4%CVE-2021-1452MEDIUMCisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS Command Injection VulnerabilityEPSS 0.4%CVE-2023-34214HIGHSecond Order Command-injection Vulnerability in the Certificate-generation FunctionEPSS 0.4%CVE-2025-50974MEDIUMThe Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorpEPSS 0.4%CVE-2023-40253MEDIUMImproper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNEPSS 0.4%CVE-2026-27635HIGHManyfold vulnerable to OS command injection via ZIP filename in f3d renderEPSS 0.4%CVE-2024-10896MEDIUMLogo Slider < 4.5.0 - Contributor+ Stored XSSEPSS 0.4%CVE-2026-3820HIGHSupermicro BMC's SMTP service contains a command injection vulnerabilityEPSS 0.4%CVE-2026-44444CRITICALLumiverse: Spindle extension install runs untrusted lifecycle scripts before security scanEPSS 0.4%CVE-2026-40852HIGHCommand injection via malicious configurationEPSS 0.4%CVE-2025-3189MEDIUMStored Cross-Site Scripting (XSS) in DoWISPEPSS 0.4%CVE-2019-1725MEDIUMCisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection VulnerabilityEPSS 0.4%CVE-2026-46618MEDIUMFission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executablesEPSS 0.4%CVE-2026-34158HIGHCoolify: Command injection via single-quote breakout in Docker Compose custom commandsEPSS 0.4%CVE-2026-29783HIGHGitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command executionEPSS 0.4%CVE-2026-23882HIGHBlinko: Admin RCE - MCP Server Command InjectionEPSS 0.4%CVE-2024-38471MEDIUMMultiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring aEPSS 0.4%CVE-2023-28767HIGHThe configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX serieEPSS 0.4%CVE-2026-48800HIGHNotepad++: Arbitrary Code Execution via shortcuts.xml UserCommand InjectionEPSS 0.4%CVE-2026-44055HIGHBitwise OR logic bug enables shell injectionEPSS 0.4%