CWE-77: Command Injection

This vulnerability allows remote attackers to execute arbitrary code on Microsoft Dynamics Unified Service Desk servers by sending specially crafted r...

This vulnerability allows remote attackers to execute arbitrary commands on Netgear RAX43 routers by injecting malicious commands into the name parame...

This vulnerability allows a local attacker to execute arbitrary code through the onCreate method in DatabaseViewerActivity.java in Amaze File Manager....

CVE-2025-33246 is a command injection vulnerability in NVIDIA's NeMo Framework ASR Evaluator utility that allows attackers to execute arbitrary comman...

CVE-2026-24905 is a command injection vulnerability in Inspektor Gadget's image building functionality. An attacker who can control the YAML gadget ma...

Delta Electronics DIAView has a command injection vulnerability (CWE-77) that allows remote attackers to execute arbitrary commands on affected system...

This vulnerability allows authenticated Backup or Tape Operators to execute arbitrary code with root privileges by creating a malicious backup configu...

This CVE describes a local privilege escalation vulnerability in Anaconda3 macOS installers. When installed outside the user's home directory, world-w...

This vulnerability allows local privilege escalation on macOS systems running vulnerable Miniconda3 installers. When installed outside the user's home...

This command injection vulnerability in Windows PowerShell allows attackers to execute arbitrary code on affected systems. It affects Windows systems ...

A command injection vulnerability in SonarQube Scan GitHub Action versions 4 to 5.3.0 allows attackers to execute arbitrary commands by injecting mali...

CVE-2025-54377 is a command injection vulnerability in Roo Code AI coding agent that allows bypassing allow-list restrictions via line break character...

This vulnerability allows a low-privileged attacker with local access to Dell SmartFabric OS10 switches to execute arbitrary code via command injectio...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows low-privileged local attackers to execute arbitrary...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows low-privileged local attackers to execute arbitrary...

This CVE describes a command injection vulnerability in Dell ThinOS versions 2411 and earlier. A low-privileged attacker with local access can execute...

This CVE describes a command injection vulnerability in Progress Telerik UI for WinUI where improper neutralization of hyperlink elements allows attac...

This vulnerability in Razer Synapse 3 allows a local attacker to execute arbitrary code via the export parameter in the Chroma Effects function. Attac...

CVE-2024-53899 is a command injection vulnerability in virtualenv's activation scripts where magic template strings are improperly quoted during repla...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows a low-privileged attacker with local access to exec...

Dell SmartFabric OS10 Software contains a command injection vulnerability that allows low-privileged attackers with local access to execute arbitrary ...

This CVE describes a local privilege escalation vulnerability in Elefant Update Service where an attacker with local access can execute arbitrary comm...

This vulnerability allows remote code execution in Visual Studio Code on Linux systems. Attackers can execute arbitrary code by exploiting improper ne...

This vulnerability allows attackers to execute arbitrary commands on systems running vulnerable Progress Telerik UI for WinForms applications. Attacke...

This vulnerability allows attackers to execute arbitrary commands on systems running vulnerable versions of Progress Telerik UI for WPF. Attackers can...

This CVE describes a command injection vulnerability in self-hosted UniFi Network Application servers running Linux. An attacker with existing 'unifi'...

This vulnerability allows an app to execute arbitrary code with kernel privileges, potentially gaining full control over affected Apple devices. It af...

This vulnerability allows authenticated local attackers to execute arbitrary code with system privileges on SINEMA Remote Connect Client systems. The ...

This CVE describes a local privilege escalation vulnerability in WatchGuard Mobile VPN with SSL client on Windows. It allows a local authenticated use...

This CVE describes a command injection vulnerability in WatchGuard AuthPoint Password Manager for macOS. An attacker with local access can execute arb...

A local attacker with low privileges can exploit a command injection vulnerability in the OCPP Remote service to execute arbitrary commands and gain r...

This CVE describes a memory handling vulnerability in Apple operating systems that could allow an attacker to cause app crashes or execute arbitrary c...

Hikvision Interactive Tablet DS-D5B86RB/B version V2.3.0 build220119 has insecure default configurations that allow attackers to execute arbitrary com...

A race condition vulnerability in the Linux kernel's AMD display driver where the DMCUB (Display Microcontroller Unit) can be in idle state when GPINT...

This vulnerability allows remote command injection in the IrGraph.draw function of PaddlePaddle 2.6.0. Attackers can execute arbitrary commands on the...

CVE-2024-23749 is a command injection vulnerability in KiTTY that allows attackers to execute arbitrary code by manipulating filename inputs. This aff...

This vulnerability in HPE OneView allows authenticated local attackers to execute arbitrary commands with elevated privileges through improper input v...

This CVE describes a command injection vulnerability in Jensen of Scandinavia Eagle 1200AC routers running firmware version V15.03.06.33_en. Attackers...

This vulnerability allows shell injection in PAX Android-based POS devices, enabling attackers with shell access to execute arbitrary commands with sy...

Dell SmartFabric Storage Software v1.4 and earlier contains an OS command injection vulnerability in the CLI's 'more' command. Authenticated attackers...

This CVE describes a command injection vulnerability in Phicomm K2 routers that allows attackers to execute arbitrary commands via the luci.sys.call f...

CVE-2023-35390 is a remote code execution vulnerability in .NET and Visual Studio that allows attackers to execute arbitrary code on affected systems....

This vulnerability in Perimeter81's macOS agent allows local attackers to escalate privileges to root by injecting shell metacharacters into the using...

This vulnerability allows an attacker with initial user access to a Zimbra Collaboration Suite server to execute arbitrary commands as root by manipul...

CVE-2023-26294 is a command injection vulnerability in HP Device Manager that allows attackers to execute arbitrary commands on affected systems. This...

This vulnerability allows arbitrary command execution through crafted filenames in Percona XtraBackup. Attackers can execute shell commands on the sys...

This vulnerability in LuaTeX allows arbitrary shell command execution when processing untrusted TeX files. Attackers can exploit this to run malicious...

This vulnerability allows authenticated attackers with network access to the DrayTek Vigor2960 web management interface to execute arbitrary operating...

This critical vulnerability in kylin-system-updater allows local attackers to execute arbitrary commands through command injection in the InstallSnap ...

This CVE describes a command injection vulnerability in the firmware_update command of a device's restricted telnet interface. Authenticated attackers...