Weaknesses of type CWE-78
3,887 resultsCVE-2026-25933MEDIUMArduino App Lab has Improper Data Validation in Internal Terminal InterfaceEPSS 0.2%CVE-2025-6181HIGHThe StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privileEPSS 0.1%CVE-2025-20213MEDIUMCisco Catalyst SDWAN Manager Arbitrary File Overwrite VulnerabilityEPSS 0.1%CVE-2026-31996LOWOpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flagsEPSS 0.1%CVE-2026-55798MEDIUMPillow: WindowsViewer.get_command() OS command injection via unescaped shell pathEPSS 0.1%CVE-2026-41421HIGHSiYuan Desktop Notification XSS Leads to Electron RCEEPSS 0.1%CVE-2026-42290HIGHprotobufjs-cli: OS Command InjectionEPSS 0.1%CVE-2026-20008MEDIUMCisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua Code Injection VulnerabilityEPSS 0.1%CVE-2026-44076MEDIUMShell injection via volume pathEPSS 0.1%CVE-2026-45036HIGHTabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zshEPSS 0.1%CVE-2026-49219MEDIUMImageMagick: Policy Bypass can read disallowed filesEPSS 0.1%CVE-2026-55697HIGHpnpm: Repository-controlled configDependencies can select a pacquet native install engineEPSS 0.1%CVE-2026-41010HIGHReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where EPSS 0.1%CVE-2026-42148LOWCoolify: Command Injection via Unescaped Version String in Docker BuildEPSS 0.1%CVE-2026-10805MEDIUMNetworkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backendEPSS 0.1%CVE-2026-41011HIGHPackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_EPSS 0.1%CVE-2026-27806HIGHFleet Affected by Local Privilege Escalation via Tcl Command Injection in OrbitEPSS 0.1%CVE-2026-44072LOWsystem() after failed chdir()EPSS 0.1%CVE-2026-58459HIGHgpsd gpsprof Command Injection via gnuplot plot title subtype fieldEPSS —CVE-2026-55420HIGHDiscourse: Remote code execution via pdf uploadsEPSS —