CWE-77: Command Injection

This vulnerability allows remote attackers to execute arbitrary operating system commands on EnOcean SmartServer IoT devices by sending specially craf...

This vulnerability allows attackers to bypass Deno's security restrictions on Windows by using case variations in file extensions (.BAT, .Bat instead ...

A command injection vulnerability in GL-iNet GL-AXT1800 router firmware allows authenticated attackers to execute arbitrary commands with root privile...

This CVE describes a command injection vulnerability in Deno on Windows systems. When Deno executes batch files (.bat, .cmd) on Windows, the underlyin...

CVE-2025-54424 is a certificate validation bypass vulnerability in 1Panel web interface that allows attackers to intercept HTTPS communications betwee...

This CVE describes a command injection vulnerability (CWE-77) in OmniAccess Stellar access points that allows authenticated attackers to execute arbit...

This critical vulnerability in Comodo Internet Security Premium allows remote attackers to execute arbitrary operating system commands through command...

CVE-2025-53098 is a vulnerability in Roo Code AI coding agent that allows arbitrary command execution through malicious MCP configuration files. Attac...

This critical vulnerability in MicroWorld eScan Antivirus allows remote attackers to execute arbitrary operating system commands through command injec...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A810R routers by sending specially crafted HTTP requests to the d...

This vulnerability in Node.js allows command injection through malicious batch file arguments in child_process.spawn/spawnSync functions, even when sh...

This vulnerability in Bludit allows attackers with API token access to upload arbitrary files, including PHP files, leading to remote code execution o...

The LearnPress WordPress plugin contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP functions wi...

This CVE describes a command injection vulnerability in the Gradio library that allows attackers to execute arbitrary commands on the host system. It ...

This CVE describes an OS command injection vulnerability in Milesight VPN's liburvpn.so library that allows remote attackers to execute arbitrary comm...

A post-authentication command injection vulnerability in Zyxel USG FLEX and VPN series firewalls allows authenticated attackers to execute arbitrary c...

This CVE describes a command injection vulnerability in TOTOLINK EX300_v2 routers that allows attackers to execute arbitrary commands on the device. T...

CVE-2021-42638 is a critical vulnerability in PrinterLogic Web Stack that allows unauthenticated attackers to execute arbitrary code remotely due to i...

CVE-2021-35220 is a command injection vulnerability in SolarWinds Orion Platform's EmailWebPage API that allows attackers to execute arbitrary command...

This vulnerability allows man-in-the-middle attackers to inject plaintext commands into encrypted POP3 sessions in SmarterMail. Attackers can pipeline...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on affected NETGEAR devices via command injection. It affects multip...

This vulnerability in the syncpool Rust crate allows data races and memory corruption due to an unconditional Send implementation for Bucket2. It affe...

This vulnerability in the kekbit Rust crate allows data races and memory corruption when ShmWriter objects are sent between threads without proper syn...

This vulnerability in the rcu_cell Rust crate allows data races and memory corruption by incorrectly implementing Send and Sync traits for RcuCell<T> ...

This vulnerability in the Rust toolshed crate allows Send trait misuse in CopyCell<T>, potentially enabling data races and memory corruption in concur...

This vulnerability allows attackers with administrative privileges in Gardener projects to inject malicious credential values that break out of string...

The Edimax BR-6473AX router firmware version 1.0.28 contains a remote code execution vulnerability in the openwrt_getConfig function. Attackers can ex...

CVE-2025-52995 is an improper command allowlist vulnerability in File Browser that allows authenticated users to execute unauthorized shell commands. ...

CVE-2025-52903 is a command injection vulnerability in File Browser version 2.32.0 that allows authenticated users with 'Execute commands' permission ...

This CVE describes a command injection vulnerability in the Linksys E8450 router's wizard_status component, allowing attackers to execute arbitrary co...

This CVE describes a command injection vulnerability in Linksys E7350 routers where an attacker can execute arbitrary commands via the ifname paramete...

This CVE describes a command injection vulnerability in Linksys E7350 routers where an attacker can execute arbitrary commands via the iface parameter...

This CVE describes a command injection vulnerability in TOTOLINK A6000R routers that allows attackers to execute arbitrary commands on the device. Att...

CVE-2024-48286 is a command injection vulnerability in Linksys E3000 routers that allows attackers to execute arbitrary commands on the device. This a...

This vulnerability allows remote code execution on a developer's workstation when using GitHub CLI to connect to malicious codespaces. Attackers can i...

This vulnerability allows a local attacker to execute arbitrary code on affected D-Link 5G CPE devices via the Diagnostics function. Attackers with lo...

This CVE describes a command injection vulnerability in specific Netgear router models via the wlg_adv.cgi component's apmode_gateway parameter. Attac...

Scriptcase versions 9.10.023 and earlier contain a vulnerability in the nm_unzip function that allows remote attackers to execute arbitrary code on af...

This CVE describes a command injection vulnerability in DrayTek router firmware that allows attackers to execute arbitrary commands on affected device...

This vulnerability allows authenticated users in Splunk Enterprise and Cloud Platform to create external lookups that call legacy internal functions, ...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers by injecting malicious commands into the 'password...

This vulnerability allows authenticated attackers to execute arbitrary code on Linksys Router E1700 devices via the setDateTime function. Attackers wi...

This vulnerability allows remote code execution on Azure Storage Mover instances through improper neutralization of special elements used in a command...

This CVE describes a command injection vulnerability in ELECOM and LOGITEC wireless LAN routers that allows authenticated attackers on the same networ...

CVE-2023-28854 is a command injection vulnerability in the nophp PHP framework that allows attackers to execute arbitrary shell commands on the web se...

This vulnerability allows remote attackers to execute arbitrary code on Microsoft Dynamics Unified Service Desk servers by sending specially crafted r...

This vulnerability allows remote attackers to execute arbitrary commands on Netgear RAX43 routers by injecting malicious commands into the name parame...

This vulnerability allows a local attacker to execute arbitrary code through the onCreate method in DatabaseViewerActivity.java in Amaze File Manager....

CVE-2025-33246 is a command injection vulnerability in NVIDIA's NeMo Framework ASR Evaluator utility that allows attackers to execute arbitrary comman...

CVE-2026-24905 is a command injection vulnerability in Inspektor Gadget's image building functionality. An attacker who can control the YAML gadget ma...