Weaknesses of type CWE-78
3,786 resultsCVE-2021-20039HIGHImproper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authentiEPSS 78.1%CVE-2022-24288—Apache Airflow: RCE in example DAGsEPSS 77.9%CVE-2020-8816CRITICALPi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.EPSS 77.8%KEVCVE-2019-15949HIGHNagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as tEPSS 77.7%KEVCVE-2025-0107HIGHExpedition: OS Command Injection VulnerabilityEPSS 77.7%CVE-2017-12243—A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco EPSS 77.1%CVE-2025-6514CRITICALOS command injection in mcp-remote when connecting to untrusted MCP serversEPSS 76.6%CVE-2022-2884CRITICALA vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authEPSS 75.7%CVE-2024-8504HIGHVICIdial Authenticated Remote Code ExecutionEPSS 75.4%CVE-2021-25298HIGHNagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/confiEPSS 75.2%KEVCVE-2026-42271HIGHLiteLLM: Authenticated command execution via MCP stdio test endpointsEPSS 75.0%KEVCVE-2023-44221HIGHImproper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrEPSS 74.9%KEVCVE-2023-4873MEDIUMByzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php os command injectionEPSS 74.9%CVE-2023-6019CRITICALRay Command Injection in cpu_profile ParameterEPSS 74.6%CVE-2026-2041HIGHNagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution VulnerabilityEPSS 74.6%CVE-2017-5255—In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console EPSS 74.6%CVE-2019-12991HIGHCitrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).EPSS 74.5%KEVCVE-2022-30534CRITICALAn OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364EPSS 74.5%CVE-2023-23076CRITICALOS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.EPSS 74.3%CVE-2026-2043HIGHNagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution VulnerabilityEPSS 74.2%