CWE-77: Command Injection

A command injection vulnerability in Coolify allows low-privileged users (members) to execute arbitrary system commands as root on the Coolify instanc...

A command injection vulnerability in Yealink T21P_E2 phones allows remote attackers with normal privileges to execute arbitrary code via crafted reque...

This CVE describes an authenticated command injection vulnerability in AVTECH SECURITY Corporation's DGM1104 FullImg-1015-1004-1006-1003 SMB server fu...

This vulnerability allows authenticated attackers to execute arbitrary commands on AVTECH SECURITY DGM1104 devices via the Machine.cgi endpoint. Organ...

This vulnerability allows authenticated attackers to execute arbitrary commands on AVTECH SECURITY Corporation DGM1104 devices through the NetFailDete...

This vulnerability allows authenticated Cacti users to inject malicious SNMP community strings containing control characters like newlines. When these...

This vulnerability allows remote attackers to execute arbitrary code on GroupOffice installations via improper input validation in the dbToApi() funct...

Dell SmartFabric OS10 Software versions before 10.6.1.0 contain a command injection vulnerability that allows low-privileged remote attackers to execu...

Dell SmartFabric OS10 Software contains a command injection vulnerability that allows low-privileged remote attackers to execute arbitrary code on aff...

This vulnerability allows authenticated attackers to execute arbitrary commands on ManageEngine Applications Manager servers. Attackers with valid cre...

This vulnerability allows remote command execution on D-Link DIR-823 routers through improper input filtering in the set_cassword settings interface. ...

CVE-2025-59831 is a command injection vulnerability in git-commiters Node.js module that allows attackers to execute arbitrary commands on the host sy...

A command injection vulnerability in Cisco IOS XE's HTTP API allows authenticated attackers or social engineering victims to execute arbitrary command...

This vulnerability allows unauthenticated attackers to execute arbitrary commands with highest privileges on affected LB-Link routers. Attackers can e...

This vulnerability allows authenticated admin and manager users of 2wcom IP-4c devices to execute arbitrary code with root privileges through the web ...

A command injection vulnerability in COMFAST CF-XR11 routers allows attackers to execute arbitrary commands via a POST request to the multi_pppoe API....

This vulnerability allows remote command injection in Agentic AI and Visual Studio Code, enabling unauthorized attackers to execute arbitrary code ove...

This command injection vulnerability in SQL Server allows authenticated attackers to execute arbitrary commands on the database server, potentially ga...

This vulnerability in FactoryTalk Optix MQTT broker allows remote attackers to load malicious Mosquito plugins due to insufficient URI sanitization, l...

This CVE describes a command injection vulnerability in QNAP operating systems that allows authenticated attackers to execute arbitrary commands on af...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with root privileges on KuWFi 4G AC900 LTE routers. A...

A critical Remote Code Execution vulnerability in @nestjs/devtools-integration package allows malicious websites to execute arbitrary code on a develo...

This critical vulnerability allows remote attackers to execute arbitrary operating system commands on Wifi-soft UniBox Controller systems by manipulat...

This critical vulnerability in Wifi-soft UniBox Controller allows remote attackers to execute arbitrary operating system commands via command injectio...

A command injection vulnerability in QNAP operating systems allows authenticated remote attackers to execute arbitrary commands on affected devices. T...

This vulnerability allows authenticated users with Edit component access in GetSimple CMS to inject arbitrary PHP code into component files, leading t...

Multiple code injection vulnerabilities in EasyVirt DC NetScope allow remote authenticated attackers to execute arbitrary code via various parameters....

CVE-2025-29509 is a remote code execution vulnerability in Jan AI desktop application versions 0.5.14 and earlier. Attackers can exploit this by trick...

A command injection vulnerability in D-Link DIR-823X routers allows authenticated attackers to execute arbitrary commands on affected devices by sendi...

This CVE allows attackers to execute arbitrary operating system commands on Pandora FMS servers by injecting malicious input into vulnerable parameter...

This command injection vulnerability in Fortinet FortiManager allows attackers to execute arbitrary commands with elevated privileges by sending speci...

An unauthenticated command injection vulnerability in Bitdefender Box 1 allows network-adjacent attackers to execute arbitrary commands on the device,...

This vulnerability allows remote attackers with low privileges to execute arbitrary shell commands on affected SICK devices by exploiting improper neu...

CVE-2024-23971 is a command injection vulnerability in ChargePoint Home Flex charging stations that allows network-adjacent attackers to execute arbit...

This vulnerability allows command injection when copying URLs from Web Inspector in affected Apple products. Attackers could execute arbitrary command...

This CVE describes multiple command injection vulnerabilities in Edimax AC1200 routers that allow authenticated attackers to execute arbitrary shell c...

This CVE describes a code injection vulnerability in Apache Ambari's Alert Definition feature where authenticated users can inject arbitrary shell com...

CVE-2024-51442 is a command injection vulnerability in MiniDLNA v1.3.3 and earlier that allows attackers to execute arbitrary operating system command...

CVE-2024-13129 is a critical OS command injection vulnerability in Roxy-WI's action_service function that allows remote attackers to execute arbitrary...

This vulnerability allows authenticated users in ThreatQuotient ThreatQ to execute arbitrary commands on the system by sending specially crafted reque...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on ORing IAP-420 devices through the web interface. A...

This vulnerability allows remote attackers to execute arbitrary code on affected Digital China Yunke systems via a specific PHP file. It affects Beiji...

CVE-2021-38116 is an elevation of privilege vulnerability in OpenText iManager that allows authenticated users to execute arbitrary commands with high...

This CVE describes a command injection vulnerability in Tenda G3 routers that allows attackers to execute arbitrary commands on the device. The vulner...

This vulnerability allows remote attackers to execute arbitrary commands on DrayTek Vigor3900 routers by injecting malicious commands into the mainfun...

This vulnerability allows attackers to inject malicious commands into the mainfunction.cgi component of DrayTek Vigor3900 routers by exploiting the do...

This vulnerability allows remote attackers to execute arbitrary commands on Draytek Vigor3900 routers by injecting malicious commands into the mainfun...

This vulnerability allows remote attackers to execute arbitrary commands on Draytek Vigor3900 routers by injecting malicious commands into the mainfun...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on Tianyu CPE routers via the at_command.asp compon...

RELY-PCIe versions v22.2.1 to v23.1.0 contain a code injection vulnerability in the getParams function within phpinf.php. This allows attackers to exe...