CWE-77: Command Injection
The product constructs all or part of a command using externally-influenced input, but does not neutralize special elements that could modify the intended command.
All Command Injection CVEs (1,171)
This vulnerability allows arbitrary command execution through crafted filenames in Percona XtraBackup. Attackers can execute shell commands on the sys...
Jun 7, 2023

This vulnerability in LuaTeX allows arbitrary shell command execution when processing untrusted TeX files. Attackers can exploit this to run malicious...
May 20, 2023

This vulnerability allows authenticated attackers with network access to the DrayTek Vigor2960 web management interface to execute arbitrary operating...
Mar 15, 2023

This critical vulnerability in kylin-system-updater allows local attackers to execute arbitrary commands through command injection in the InstallSnap ...
Mar 8, 2023

This CVE describes a command injection vulnerability in the firmware_update command of a device's restricted telnet interface. Authenticated attackers...
Feb 11, 2023

This CVE describes a laser command injection vulnerability in Huawei AIS-BW80H-00 devices that allows attackers to execute voice commands on the devic...
Feb 25, 2022

This CVE describes a command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved. It allows authenticated users...
Oct 19, 2021

This vulnerability allows local attackers on Juniper NFX Series devices to execute arbitrary code with elevated privileges via the Junos Device Manage...
Apr 22, 2021

This vulnerability in Linux kernel BPF JIT compilers allows attackers to execute arbitrary code within kernel context due to incorrect branch displace...
Apr 8, 2021

CVE-2020-28243 is a command injection vulnerability in SaltStack Salt's restartcheck feature that allows local privilege escalation. Any user who can ...
Feb 27, 2021

This CVE describes a command injection vulnerability in IBM Security Guardium that allows a local attacker to execute arbitrary commands on the system...
Jan 20, 2021

CVE-2018-19418 is a command injection vulnerability in Foxit PDF ActiveX that allows remote attackers to execute arbitrary code on affected systems. T...
Jan 7, 2021

This vulnerability allows unauthenticated attackers on the local network to execute arbitrary commands on affected NETGEAR routers and Orbi WiFi syste...
Jan 28, 2026

Zed code editor versions before 0.218.2-pre have an arbitrary code execution vulnerability where malicious Language Server Protocol configurations in ...
Dec 17, 2025

Zed code editor versions before 0.218.2-pre have an arbitrary code execution vulnerability where malicious MCP configurations in project settings file...
Dec 17, 2025

A local privilege escalation vulnerability in Agnitum Outpost Security Suite allows attackers to execute arbitrary code via the lock function. This af...
Nov 11, 2025

This vulnerability in nginx-ui allows authenticated users to modify critical nginx configuration commands via API endpoints that should be restricted,...
Jan 11, 2024

Dell ThinOS versions 2402 and 2405 contain a command injection vulnerability that allows unauthenticated attackers with physical access to execute arb...
Sep 10, 2024

This vulnerability in Python's mailcap module allows shell command injection when applications call mailcap.findmatch() with untrusted input. Attacker...
Apr 13, 2022

This vulnerability allows authenticated users to execute arbitrary commands on affected NETGEAR WiFi systems through command injection. It affects mul...
Dec 26, 2021

This vulnerability allows authenticated users on affected NETGEAR routers to execute arbitrary commands through command injection. Attackers with vali...
Dec 26, 2021

CVE-2026-21520 is an information disclosure vulnerability in Microsoft Copilot Studio that allows unauthenticated attackers to access sensitive inform...
Jan 22, 2026

A command injection vulnerability in Serverless Framework's experimental MCP server feature allows attackers to execute arbitrary system commands via ...
Dec 30, 2025

This vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to inject additional configuration parameters during Dynamic DNS setup. Under cer...
Dec 9, 2025

CVE-2025-61141 allows remote command injection in sqls-server/sqls version 0.2.28 through the config command. Attackers can execute arbitrary commands...
Oct 30, 2025

CVE-2025-56406 is an improper neutralization vulnerability in mcp-neo4j 0.3.0 that allows attackers to execute arbitrary commands or access sensitive ...
Sep 10, 2025

This vulnerability allows attackers with network access adjacent to an EdgeSwitch to execute arbitrary commands on the device through improper input v...
Aug 21, 2025

A command injection vulnerability in mcp-package-docs MCP Server allows attackers to execute arbitrary system commands via unsanitized user input in c...
Jul 18, 2025

CVE-2025-53372 is a command injection vulnerability in node-code-sandbox-mcp that allows attackers to execute arbitrary system commands on the host ma...
Jul 8, 2025

CVE-2025-53107 is a command injection vulnerability in @cyanheads/git-mcp-server that allows remote code execution by injecting shell commands through...
Jul 1, 2025

This CVE describes an Improper Neutralization of Escape Sequences vulnerability in UniFi Protect Cameras that could allow an attacker on the same netw...
Mar 1, 2025

This vulnerability allows remote attackers to execute arbitrary commands on affected systems by sending specially crafted POST requests. It affects Ou...
Feb 13, 2025

A command injection vulnerability exists in certain Poly video conferencing devices due to improper input sanitization. This flaw could allow authenti...
Nov 5, 2024

A prompt injection vulnerability in Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between users ...
Oct 24, 2024

A prompt injection vulnerability in Zhipu AI CodeGeeX allows attackers to access and exfiltrate all chat data between users and the AI assistant throu...
Oct 24, 2024

This vulnerability allows a low-privileged attacker with remote access to execute arbitrary commands on Dell SmartFabric OS10 networking devices throu...
Sep 6, 2024

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-822+ routers via command injection in the SetPlcNetworkpwd func...
Apr 26, 2024

CVE-2022-35503 is an improper input validation vulnerability in Open Source MANO (OSM) that allows authenticated attackers to execute arbitrary code w...
Apr 22, 2024

CVE-2024-20667 is a remote code execution vulnerability in Azure DevOps Server that allows attackers to execute arbitrary code on affected systems. Th...
Feb 13, 2024

This vulnerability in Memcached allows remote attackers to crash the daemon by sending specially crafted meta commands. It affects Memcached servers r...
Aug 22, 2023

This CVE describes a sandbox bypass vulnerability in Thymeleaf templates that allows Server-Side Template Injection (SSTI) and potential remote code e...
Jul 14, 2023

This vulnerability in VMware Aria Operations for Networks allows attackers with network access to execute arbitrary commands through command injection...
Jun 7, 2023

This vulnerability allows attackers to create empty files in arbitrary locations on GL.iNet device filesystems, limited to paths/filenames of 6 charac...
May 9, 2023

This CVE describes a command injection vulnerability in Tenda G103 routers that allows attackers to execute arbitrary commands on the device. Attacker...
Mar 23, 2023

This CVE describes a command injection vulnerability in TOTOLINK EX300_v2 routers that allows attackers to execute arbitrary commands on affected devi...
Mar 31, 2022

CVE-2021-23727 is a command injection vulnerability in Celery task queue software. Attackers who can access or manipulate metadata in Celery backends ...
Dec 29, 2021

This vulnerability allows authenticated users to execute arbitrary commands on affected NETGEAR switches through command injection. It affects multipl...
Dec 26, 2021

CVE-2021-43557 is a URI normalization bypass vulnerability in Apache APISIX's uri-block plugin that allows attackers to bypass block lists by using sp...
Nov 22, 2021

This vulnerability in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code on the server by sending a specially crafted AJAX response. This...
Feb 13, 2026

This CVE describes an OS command injection vulnerability in QNAP Video Station that allows authenticated users to execute arbitrary commands on the sy...
Sep 6, 2024

About Command Injection (CWE-77)
Our database tracks 1,171 CVEs classified as CWE-77, with 454 rated critical and 495 rated high severity. The average CVSS score for Command Injection vulnerabilities is 8.3.
External reference: CWE-77 on MITRE CWE.