CWE-77: Command Injection

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulating uploaded file names. It affects Zenitel communi...

This vulnerability allows authenticated attackers to execute arbitrary commands on affected devices by manipulating the hostname parameter. It affects...

This is a critical remote code execution vulnerability in Zenitel devices that allows unauthenticated attackers to execute arbitrary commands by injec...

A command injection vulnerability in terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary system commands by providing malicious input ...

A critical deserialization vulnerability in Fortra's GoAnywhere MFT License Servlet allows attackers with forged license signatures to execute arbitra...

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code with elevated privileges through network access. It a...

This critical vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on Wavlink AC3000 routers by sending speci...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands with root privileges on Cisco URWB Access Points by ...

This vulnerability allows remote attackers to execute arbitrary commands on ProGauge MAGLINK LX CONSOLE UTILITY systems by sending specially crafted P...

CVE-2024-29895 is a critical command injection vulnerability in Cacti's 1.3.x DEV branch that allows unauthenticated attackers to execute arbitrary co...

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote attackers to execute arbitrary commands with root...

CVE-2022-31161 is a critical remote code execution vulnerability in Roxy-WI web interface versions prior to 6.1.1.0. It allows unauthenticated attacke...

This vulnerability allows attackers to upload malicious files through an API in MDT AutoSave software, which can manipulate process creation commands ...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on affected NETGEAR WiFi systems. It affects multiple NETGEAR...

Mesa Labs AmegaView version 3.0 contains a command injection vulnerability (CWE-77) that allows remote attackers to execute arbitrary code on affected...

CVE-2026-22688 is a command injection vulnerability in WeKnora that allows authenticated users to inject malicious commands into MCP stdio settings, c...

This critical vulnerability in TLS4B ATG systems allows authenticated remote attackers to execute arbitrary system commands on the underlying Linux op...

Flowise versions 3.0.1 through 3.0.7 and all later versions with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerabil...

This CVE describes a command injection vulnerability in the WordPress Widget Options plugin that allows attackers to execute arbitrary operating syste...

An authenticated low-privileged attacker can execute arbitrary CLI commands with network-admin privileges on Cisco NDFC-managed devices via command in...

CVE-2023-25911 is a critical OS command injection vulnerability in Danfoss AK-EM100 web applications that allows authenticated attackers to execute ar...

CVE-2023-27407 is a command injection vulnerability in SCALANCE LPE9403 industrial network devices that allows authenticated remote attackers to execu...

This is a command injection vulnerability in Synology Download Station that allows authenticated remote attackers to execute arbitrary commands on the...

This CVE describes a remote command injection vulnerability in D-Link DIR-868L routers via the SSDP service. Attackers can execute arbitrary operating...

This CVE describes a remote command injection vulnerability in SECCN Dingcheng G10 software version 3.1.0.181203. Attackers can execute arbitrary oper...

Orval versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 contain a code injection vulnerability where untrusted OpenAPI specifications can inject ...

Orval versions 7.19.0 through 8.0.2 contain a code injection vulnerability in the x-enumDescriptions field processing. Untrusted OpenAPI specification...

This CVE describes a remote command injection vulnerability in Apache bRPC's heap profiler service. Attackers can execute arbitrary commands by inject...

A command injection vulnerability in D-Link DIR895LA1 routers allows attackers to execute arbitrary commands with root privileges by sending malicious...

EDIMAX BR-6208AC V2 router firmware version 1.02 contains a command injection vulnerability in the pppUserName field that allows attackers to execute ...

This CVE describes a remote command injection vulnerability in TRENDnet TEW-713RE routers. Attackers can execute arbitrary operating system commands b...

CVE-2025-69201 is a command injection vulnerability in Tugtainer's agent API that allows attackers to inject arbitrary arguments into docker container...

CVE-2025-67728 is a command injection vulnerability in Fireshare that allows authenticated users (or unauthenticated users if Public Uploads is enable...

CVE-2025-66032 is a command injection vulnerability in Claude Code that allows bypassing read-only validation to execute arbitrary code. Attackers can...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link R15 (AX1500) routers by manipulating the model name parameter durin...

CVE-2025-66219 is a command injection vulnerability in willitmerge, a command-line tool for checking pull request mergeability. Attackers can execute ...

This is a critical command injection vulnerability in AndSoft's e-TMS v25.03 that allows unauthenticated attackers to execute arbitrary operating syst...

This is a critical command injection vulnerability in AndSoft's e-TMS transportation management system. Attackers can execute arbitrary operating syst...

This is a critical command injection vulnerability in AndSoft's e-TMS v25.03 that allows attackers to execute arbitrary operating system commands on t...

This is a critical command injection vulnerability in AndSoft's e-TMS transportation management system. Attackers can execute arbitrary operating syst...

This is a critical command injection vulnerability in AndSoft's e-TMS v25.03 that allows unauthenticated attackers to execute arbitrary operating syst...

This is a critical command injection vulnerability in AndSoft's e-TMS transportation management software that allows unauthenticated attackers to exec...

This is a critical command injection vulnerability in AndSoft's e-TMS transportation management software that allows unauthenticated attackers to exec...

This CVE describes a command injection vulnerability in TOTOLINK X18 routers that allows attackers to execute arbitrary commands on the device. The vu...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X18 routers by injecting malicious code into the mac parameter of...

CVE-2025-59834 is a command injection vulnerability in ADB MCP Server versions 0.1.0 and earlier that allows attackers to execute arbitrary commands o...

This is a critical command injection vulnerability in TOTOLINK X6000R routers that allows unauthenticated attackers to execute arbitrary commands on a...

CVE-2025-59046 is a command injection vulnerability in the interactive-git-checkout npm package that allows attackers to execute arbitrary commands on...

This CVE describes a critical command injection vulnerability in FTP-Flask-python that allows unauthenticated remote attackers to execute arbitrary op...

CVE-2025-57285 is a critical command injection vulnerability in codeceptjs 3.7.3 that allows attackers to execute arbitrary commands on the host syste...