CWE-77: Command Injection
The product constructs all or part of a command using externally-influenced input, but does not neutralize special elements that could modify the intended command.
All Command Injection CVEs (1,157)
RELY-PCIe versions v22.2.1 through v23.1.0 contain a command injection vulnerability in the sys_mgmt function that allows attackers to execute arbitra...
Sep 11, 2024

RELY-PCIe versions v22.2.1 through v23.1.0 contain a command injection vulnerability in the sys_conf function that allows attackers to execute arbitra...
Sep 11, 2024

RELY-PCIe versions 22.2.1 through 23.1.0 contain a command injection vulnerability in the time_date function. This allows attackers to execute arbitra...
Sep 11, 2024

This vulnerability allows remote attackers to execute arbitrary commands on affected D-Link routers due to insufficient input filtering in the upgrade...
Sep 9, 2024

CVE-2024-7029 is a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands on affected systems over the ne...
Aug 2, 2024

This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges on SINEMA Remote Connect Server by exploiting ins...
Jul 9, 2024

This vulnerability in Composer (PHP dependency manager) allows remote code execution when using certain commands with packages installed from git repo...
Jun 10, 2024

This CVE describes a command injection vulnerability in Mitel 6869i devices that allows authenticated attackers to execute arbitrary shell commands wi...
Jun 9, 2024

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK CP900L routers by injecting malicious commands into the hostTime ...
May 28, 2024

Tenda AC7V1.0 routers running firmware version 15.03.06.44 contain a command injection vulnerability in the formexeCommand function via the cmdinput p...
Apr 17, 2024

A command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows attackers on the same network to execute arbitrary commands wit...
Apr 15, 2024

This vulnerability in tiagorlampert CHAOS v5.0.1 allows remote attackers to execute arbitrary code by exploiting the BuildClient function. Attackers c...
Apr 12, 2024

This vulnerability allows attackers to execute arbitrary system commands on Telesquare TLR-2005Ksh routers via the Cmd parameter. Attackers can gain f...
Apr 10, 2024

CVE-2024-28041 is a command injection vulnerability in HGW BL1500HM routers that allows network-adjacent unauthenticated attackers to execute arbitrar...
Mar 25, 2024

A command injection vulnerability in the cgibin binary of DIR-845L router firmware allows attackers to execute arbitrary commands with root privileges...
Mar 22, 2024

This vulnerability allows authenticated attackers to execute arbitrary code on Vinchin Backup and Recovery systems via improper input validation in th...
Mar 14, 2024

This CVE describes a command injection vulnerability in D-Link DIR-882 routers that allows attackers to execute arbitrary commands via crafted POST re...
Feb 21, 2024

This vulnerability allows authenticated attackers to execute arbitrary commands on Atos Unify OpenScape Voice Trace Manager systems via FTP functional...
Feb 8, 2024

Vinchin Backup & Recovery v7.2 contains an authenticated remote code execution vulnerability in the setNetworkCardInfo function. This allows authentic...
Feb 2, 2024

Vinchin Backup & Recovery v7.2 contains an authenticated remote code execution vulnerability in the deleteUpdateAPK function. This allows authenticate...
Feb 2, 2024

CVE-2023-6940 is a command injection vulnerability in MLflow that allows attackers to execute arbitrary commands on the victim system by tricking user...
Dec 19, 2023

This vulnerability allows authenticated attackers to execute arbitrary commands on Relyum RELY-PCIe and RELY-REC devices through the web interface. At...
Dec 13, 2023

This vulnerability allows remote attackers to execute arbitrary commands on Ironman PowerShell Universal servers via crafted HTTP requests to API endp...
Nov 23, 2023

SuperWebMailer 9.00.0.01710 contains a command injection vulnerability in the sendmail functionality that allows remote attackers to execute arbitrary...
Oct 21, 2023

This vulnerability allows attackers within wireless range of the D-Link DAP-X1860 repeater to execute arbitrary shell commands as root during device s...
Oct 10, 2023

This vulnerability allows authenticated attackers to execute arbitrary code on ZenTao project management systems via crafted scripts in the Office Con...
Oct 10, 2023

This vulnerability allows authenticated attackers to execute arbitrary commands on the Atos Unify OpenScape 4000 Platform operating system, potentiall...
Oct 9, 2023

This vulnerability allows authenticated attackers to execute arbitrary commands on Atos Unify OpenScape 4000 systems via command injection in the AShb...
Oct 9, 2023

This CVE describes a command injection vulnerability in TPLINK TL-ER5120G routers where authenticated attackers can execute arbitrary commands by inje...
Sep 20, 2023

This vulnerability allows remote attackers to execute arbitrary code on Azure DevOps Server instances by exploiting improper input validation in comma...
Sep 12, 2023

This vulnerability allows remote attackers to execute arbitrary code on NETIS SYSTEMS WF2409E routers by exploiting improper input validation in the p...
Sep 11, 2023

CVE-2023-37469 is a command injection vulnerability in CasaOS personal cloud software that allows authenticated users to execute arbitrary commands by...
Aug 24, 2023

CVE-2023-23564 is a command injection vulnerability in Geomatika IsiGeo Web 6.0 that allows authenticated remote attackers to execute arbitrary comman...
Aug 22, 2023

This CVE describes a command injection vulnerability in ASUSTOR Data Master (ADM) printer service that allows remote unauthorized attackers to execute...
Aug 17, 2023

CVE-2023-3718 is an authenticated command injection vulnerability in Aruba AOS-CX switches that allows attackers with CLI access to execute arbitrary ...
Aug 1, 2023

This CVE describes two OS command injection vulnerabilities in the Milesight UR32L router's vtysh_ubus toolsh_excute functionality. Attackers can exec...
Jul 6, 2023

Two OS command injection vulnerabilities in Milesight UR32L routers allow remote attackers to execute arbitrary commands via specially crafted TCP pac...
Jul 6, 2023

CVE-2023-26297 is a command injection vulnerability in HP Device Manager that allows attackers to execute arbitrary commands on affected systems. This...
Jun 12, 2023

This vulnerability allows authenticated users to execute arbitrary commands on affected Atos Unify OpenScape 4000 systems through command injection. A...
Jun 12, 2023

This vulnerability allows authenticated users to execute arbitrary commands on Atos Unify OpenScape 4000 systems through command injection. It affects...
Jun 12, 2023

The Snowflake Connector for Python versions before 3.0.2 are vulnerable to command injection through SSO browser URL authentication. An attacker can s...
Jun 8, 2023

The gosnowflake Golang driver prior to version 1.6.19 contains a command injection vulnerability in SSO browser URL authentication. An attacker who tr...
Jun 8, 2023

This CVE describes a command injection vulnerability in specific TP-Link router models that allows authenticated attackers to execute arbitrary comman...
Jun 7, 2023

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-842V2 routers via the iperf3 diagnostics function. Attackers ca...
Jun 7, 2023

This CVE describes a command injection vulnerability in Tenda G103 Gigabit GPON Terminal devices. Attackers with web management access can execute arb...
Jun 6, 2023

EDIMAX BR-6288ACL router firmware version 1.12 contains an authenticated remote code execution vulnerability in the pppUserName parameter. Attackers w...
May 31, 2023

This vulnerability allows remote attackers to execute arbitrary commands on Hanwha IP Camera ANE-L7012R devices by exploiting improper input sanitizat...
May 23, 2023

This vulnerability allows remote attackers to execute arbitrary commands on TP-Link TL-WPA4530 KIT powerline adapters via command injection in the _ht...
May 17, 2023

Motorola CX2L Router version 1.0.1 contains a command injection vulnerability in the staticroute_list parameter that allows attackers to execute arbit...
May 11, 2023

Motorola CX2L Router version 1.0.1 contains a command injection vulnerability in the smartqos_priority_devices parameter that allows attackers to exec...
May 11, 2023

About Command Injection (CWE-77)
Our database tracks 1,157 CVEs classified as CWE-77, with 445 rated critical and 490 rated high severity. The average CVSS score for Command Injection vulnerabilities is 8.3.