CWE-74: Injection

This vulnerability allows remote attackers to execute arbitrary commands on Comfast CF-E7 routers via command injection in the web management interfac...

This CVE describes a command injection vulnerability in Comfast CF-E7 routers version 2.6.0.9. Attackers can remotely execute arbitrary commands by ma...

This SQL injection vulnerability in code-projects Patient Record Management System 1.0 allows remote attackers to execute arbitrary SQL commands via t...

This SQL injection vulnerability in Alixhan xh-admin-backend allows remote attackers to execute arbitrary SQL commands through the /frontend-api/syste...

This vulnerability allows remote attackers to execute arbitrary commands on WAYOS FBM-220G devices by manipulating specific parameters (upnp_waniface/...

This CVE describes a command injection vulnerability in Comfast CF-N1 V2 routers version 2.6.0.2. Attackers can remotely execute arbitrary commands by...

This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-WN579A3 routers by exploiting command injection in the AddMac f...

This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-WN579A3 routers by exploiting a command injection flaw in the D...

This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-WN579A3 routers by manipulating the 'key' parameter in the logi...

This CVE describes a command injection vulnerability in D-Link DCS-933L IP cameras through the /setSystemAdmin endpoint. Attackers can execute arbitra...

This CVE describes a command injection vulnerability in D-Link DI-7100G C1 routers that allows remote attackers to execute arbitrary commands on affec...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DI-7100G routers by injecting malicious input into the usb_username...

This CVE describes a command injection vulnerability in r-huijts xcode-mcp-server that allows remote attackers to execute arbitrary commands on affect...

This SQL injection vulnerability in code-projects Contact Management System 1.0 allows remote attackers to execute arbitrary SQL commands by manipulat...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DWR-M921 routers by manipulating the fota_url parameter in the firm...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DWR-M921 routers by injecting malicious commands into the fota_url ...

This vulnerability allows remote attackers to execute arbitrary commands on UTT HiPER 810 routers by injecting malicious input into the policyNames pa...

This CVE describes a command injection vulnerability in BurtTheCoder's mcp-maigret tool up to version 1.0.12. Attackers can execute arbitrary commands...

This SQL injection vulnerability in Xiaopi Panel's WAF Firewall component allows attackers to execute arbitrary SQL commands through the /demo.php end...

This CVE describes a code injection vulnerability in the abhiphile fermat-mcp project's eqn_chart function. Attackers can remotely exploit this by man...

This CVE describes a code injection vulnerability in the mcp-vegalite-server component that allows remote attackers to execute arbitrary code by manip...

This SQL injection vulnerability in JeecgBoot 3.9.0 allows remote attackers to execute arbitrary SQL commands through the Online Report API's loadDict...

This CVE describes a remote command injection vulnerability in Tenda AC21 routers. Attackers can execute arbitrary commands on affected devices by man...

This CVE describes a command injection vulnerability in D-Link DWR-M961 routers that allows remote attackers to execute arbitrary commands on affected...

This CVE describes a command injection vulnerability in D-Link DWR-M961 routers that allows remote attackers to execute arbitrary commands by manipula...

This CVE describes a remote command injection vulnerability in Totolink A7000R routers. Attackers can execute arbitrary commands by manipulating the F...

This vulnerability allows remote attackers to execute arbitrary commands on Totolink A7000R routers by exploiting a command injection flaw in the setU...

This CVE describes a remote command injection vulnerability in D-Link DWR-M961 routers. Attackers can execute arbitrary commands on affected devices b...

This SQL injection vulnerability in SEMCMS 5.0 allows attackers to manipulate database queries through the searchml parameter in /SEMCMS_Info.php. Att...

CVE-2026-1551 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...

This vulnerability allows remote attackers to execute arbitrary commands on Totolink A7000R routers by injecting malicious commands into the 'url' par...

This SQL injection vulnerability in jishenghua jshERP allows remote attackers to execute arbitrary SQL commands through the barCodes parameter in the ...

This CVE describes a remote command injection vulnerability in Totolink A7000R routers. Attackers can execute arbitrary commands on affected devices b...

This vulnerability allows remote attackers to execute arbitrary commands on Sangfor Operation and Maintenance Security Management System installations...

This CVE describes a command injection vulnerability in Sangfor Operation and Maintenance Security Management System that allows remote attackers to e...

This CVE describes a command injection vulnerability in Totolink NR1800X routers that allows remote attackers to execute arbitrary commands on affecte...

This CVE describes a remote command injection vulnerability in Totolink NR1800X routers. Attackers can execute arbitrary commands on affected devices ...

This CVE describes a SQL injection vulnerability in itsourcecode Society Management System 1.0, specifically in the /admin/add_activity.php file's Tit...

This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerable versions of kalcaddle kodbox. The command injec...

This SQL injection vulnerability in jjjfood and jjjshop_food systems allows attackers to manipulate database queries via the latitude parameter in the...

This SQL injection vulnerability in RainyGao DocSys allows attackers to manipulate database queries via the Username parameter. Remote attackers can p...

This SQL injection vulnerability in guchengwuyue yshopmall allows attackers to manipulate database queries through the 'sort' parameter in the /api/jo...

This CVE describes a SQL injection vulnerability in RainyGao DocSys document management system up to version 2.02.36. Attackers can exploit this remot...

This CVE describes a SQL injection vulnerability in PHPGurukul Online Course Registration System that allows attackers to manipulate database queries ...

This CVE describes a SQL injection vulnerability in RainyGao DocSys up to version 2.02.36. Attackers can remotely exploit this by manipulating the sea...

This CVE describes a command injection vulnerability in TOTOLINK WA300 routers that allows remote attackers to execute arbitrary commands on affected ...

CVE-2026-0584 is a SQL injection vulnerability in code-projects Online Product Reservation System 1.0 that allows attackers to execute arbitrary SQL c...

CVE-2026-0582 is an SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows attackers to manipulate database queries thr...

This CVE describes a command injection vulnerability in Tenda AC1206 routers that allows remote attackers to execute arbitrary commands on affected de...

This CVE describes a SQL injection vulnerability in the sfturing hosp_order software's findOrderHosNum function. Attackers can exploit this by manipul...