CWE-77: Command Injection

CVE-2023-2520 is a critical command injection vulnerability in Caton Prime's Ping Handler component that allows remote attackers to execute arbitrary ...

This vulnerability allows authenticated users to impersonate arbitrary users in Apache Spark UI when ACLs are enabled, leading to arbitrary shell comm...

CVE-2023-30623 is a command injection vulnerability in the embano1/wip GitHub Action that allows attackers to execute arbitrary code on GitHub runners...

CVE-2022-4009 is a command injection vulnerability in Octopus Deploy that allows authenticated users to execute arbitrary code during offline package ...

CVE-2023-27581 is a command injection vulnerability in github-slug-action that allows attackers to execute arbitrary code on GitHub runners by manipul...

This vulnerability allows remote command injection in Akuvox E11 devices through the phone-book contacts functionality. Attackers can upload files con...

This vulnerability allows remote attackers to execute arbitrary commands with root privileges on affected Korenix Jetwave industrial routers. Attacker...

A prototype pollution vulnerability in Rocket.Chat server versions below 5.2.0 allows attackers to achieve remote code execution (RCE) under admin pri...

This vulnerability allows remote attackers to execute arbitrary code on Arris TG2482A routers via the ping utility feature. Attackers can gain full co...

This vulnerability allows a low-privileged remote attacker to execute arbitrary commands on Dell Unisphere for PowerMax vApp, VASA Provider vApp, and ...

CVE-2022-29558 is a command injection vulnerability in Realtek's rtl819x-SDK web interface that allows attackers to execute arbitrary commands on affe...

CVE-2022-32262 is a command injection vulnerability in SINEMA Remote Connect Server that allows attackers to execute arbitrary code through a vulnerab...

This critical vulnerability in SevOne Network Management System allows remote attackers to execute arbitrary commands via the traceroute.php file, lea...

CVE-2022-26042 is an OS command injection vulnerability in InHand Networks InRouter302's daretools binary that allows remote attackers to execute arbi...

CVE-2022-26085 is an OS command injection vulnerability in InHand Networks InRouter302's httpd wlscan_ASP functionality that allows authenticated atta...

A remote code execution vulnerability in Ruijie Networks RG-EW Series Routers allows attackers to execute arbitrary commands via the switchFastDhcp fu...

This vulnerability allows remote attackers to execute arbitrary code on Ruijie Networks RG-EW Series Routers by exploiting improper input validation i...

CVE-2021-44520 is an authenticated command injection vulnerability in Citrix XenMobile Server that allows authenticated attackers to execute arbitrary...

An authenticated remote code execution vulnerability in Aruba AOS-CX Network Analytics Engine allows attackers with valid credentials to execute arbit...

This vulnerability allows remote attackers to execute arbitrary commands on CommScope SURFboard SBG6950AC2 devices via command injection. It affects u...

CVE-2021-3621 is a command injection vulnerability in SSSD's sssctl command that allows attackers to execute arbitrary shell commands with root privil...

This command injection vulnerability in Ivanti Avalanche allows attackers with access to the Inforail Service to execute arbitrary commands on the sys...

CVE-2021-43339 is a command injection vulnerability in Ericsson Network Location software that allows authenticated attackers to execute arbitrary com...

This vulnerability allows arbitrary code execution on Windows systems where qutebrowser is installed and registered as a URL handler. Attackers can cr...

This vulnerability allows authenticated remote attackers to execute arbitrary commands with root privileges on Cisco Intersight Virtual Appliance by e...

CVE-2021-38169 is a command injection vulnerability in Roxy-WI web interface that allows attackers to execute arbitrary commands on the server. This a...

This vulnerability in xdg-open allows remote attackers to execute arbitrary commands by tricking users into opening a malicious file. It affects Debia...

This CVE describes an arbitrary PHP code execution vulnerability in Drupal Core that allows attackers to create specially named directories on the fil...

This CVE describes a remote code execution vulnerability in GitHub Enterprise Server where attackers with permission to create GitHub Pages sites coul...

CVE-2020-10519 is a remote code execution vulnerability in GitHub Enterprise Server that allows authenticated users with GitHub Pages creation permiss...

This vulnerability allows attackers on the same network to execute arbitrary code on D-Link DVA-2800 and DSL-2888A routers without authentication. The...

This vulnerability allows attackers on the same network to execute arbitrary code on D-Link DAP-1860 WiFi extenders without authentication. The flaw e...

A command injection vulnerability in F5 BIG-IP Appliance mode allows authenticated administrators to execute arbitrary system commands, potentially cr...

An authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint when running in Appliance mode with a highly-p...

This JNDI injection vulnerability in Cloudera JDBC connectors allows attackers to inject malicious parameters into JDBC URLs, potentially leading to r...

This vulnerability allows attackers to elevate privileges in Azure CLI environments, potentially gaining unauthorized access to cloud resources. It af...

An authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on F5 multi-bladed systems running in applianc...

This vulnerability allows authenticated administrators on F5 BIG-IP systems running in Appliance mode to bypass security restrictions through command ...

This vulnerability allows authenticated attackers to execute arbitrary commands on affected NETGEAR routers. It affects R7000, R6900P, and R7000P mode...

This CVE describes a command injection vulnerability in Linksys E5600 routers that allows attackers to execute arbitrary commands on the device. The v...

This command injection vulnerability in Copilot allows unauthorized attackers to execute arbitrary code on affected systems by injecting malicious com...

This vulnerability in BAE SOCET GXP allows attackers to inject arbitrary executables through the GXP Job Service. If the service is configured for loc...

This vulnerability allows authenticated users to execute arbitrary operating system commands on OpenEdge AdminServer via Java RMI interface manipulati...

A command injection vulnerability in HybridDesk Station allows attackers with local network access to execute arbitrary commands on affected systems. ...

This command injection vulnerability in Azure CLI allows local attackers to execute arbitrary commands with elevated privileges. It affects users runn...

This vulnerability allows remote attackers to execute arbitrary commands on Netgear EX6120 WiFi extenders by injecting malicious commands into the wan...

This vulnerability allows authenticated attackers to execute arbitrary commands on Netgear R7000 routers by injecting malicious input into the device_...

This vulnerability allows authenticated attackers to execute arbitrary commands on Netgear EX3700 AC750 WiFi Range Extender Essentials Edition devices...

CVE-2023-37154 is a command injection vulnerability in Nagios check_by_ssh plugin that allows attackers to execute arbitrary commands on the monitorin...

CVE-2024-43497 is a remote code execution vulnerability in DeepSpeed, Microsoft's deep learning optimization library. It allows attackers to execute a...