CWE-77: Command Injection

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers. Attackers can remotely execute arbitrary commands by manipulating...

This vulnerability allows authenticated users of certain HIKSEMI NAS products to execute arbitrary commands on the device by sending specially crafted...

This CVE describes an OS command injection vulnerability in D-Link DIR-615 routers via the MAC Filter Configuration component. Attackers can execute a...

This CVE describes a remote OS command injection vulnerability in D-Link DIR-615 routers via the /set_temp_nodes.php file in the URL Filter component....

This vulnerability allows remote attackers to execute arbitrary operating system commands on TRENDnet TEW-811DRU routers by manipulating the DeviceURL...

This vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to gain root access by exploiting insufficient validation during configuration fi...

This vulnerability allows authenticated web users on Ruijie APs to execute arbitrary shell commands as root via command injection in the web_action.do...

This CVE describes a command injection vulnerability in HPE Aruba Networking Airwave Platform's CLI that allows authenticated attackers to execute arb...

This vulnerability allows authenticated remote attackers to execute arbitrary commands on network access point configuration services through the web-...

An authenticated command injection vulnerability in the CLI binary of AOS-8 Controller/Mobility Conductor allows attackers with valid credentials to e...

An authenticated command injection vulnerability in the CLI binary of AOS-8 Controller/Mobility Conductor allows authenticated attackers to execute ar...

A command injection vulnerability in QuRouter 2.5.1 allows authenticated attackers with administrator privileges to execute arbitrary commands on affe...

This CVE describes a command injection vulnerability in D-Link DSL-7740C routers that allows attackers to execute arbitrary commands via the ping6 fun...

This CVE describes a command injection vulnerability in D-Link DSL-7740C routers that allows attackers to execute arbitrary commands via the backup fu...

An authenticated command injection vulnerability in HPE Networking Instant On Access Points allows attackers with elevated privileges to execute arbit...

An authenticated command injection vulnerability in Palo Alto Networks PAN-OS allows administrative users with management interface access to execute ...

A command injection vulnerability in HPE StoreOnce Software allows remote attackers to execute arbitrary commands on affected systems. This affects or...

A critical remote code execution vulnerability in GatesAir Maxiva UAXT/VAXT transmitters allows authenticated attackers to execute arbitrary commands ...

This CVE describes an authenticated command injection vulnerability in a network management service's command-line interface. Attackers with valid cre...

Authenticated command injection vulnerabilities in HPE 501 Wireless Client Bridge web interface allow attackers with administrative credentials to exe...

This vulnerability allows authenticated remote attackers to execute arbitrary commands on HPE Aruba ClearPass Policy Manager systems through the web m...

This vulnerability allows authenticated users with CREATE privilege on Azure Database for PostgreSQL Flexible Server to execute arbitrary commands thr...

This vulnerability allows authenticated users with database access to execute arbitrary commands on the underlying operating system through PostgreSQL...

An authenticated command injection vulnerability in Aruba Instant AOS-8 and AOS-10 CLI allows attackers to execute arbitrary commands as privileged us...

This critical vulnerability allows remote attackers to execute arbitrary commands on affected WAVLINK routers by manipulating the dhcpGateway paramete...

This CVE describes an OS command injection vulnerability in Ivanti CSA's admin web console that allows authenticated administrators to execute arbitra...

This vulnerability allows authenticated attackers to execute arbitrary code on Microsoft SharePoint Server by sending specially crafted requests. It a...

This vulnerability in Seacms v13.1 allows attackers to inject malicious IP parameters through the admin_ip.php file, which are then written to a confi...

This CVE describes a command injection vulnerability in Enphase IQ Gateway devices (formerly Envoy) where authenticated attackers can execute arbitrar...

This vulnerability allows remote authenticated users to execute arbitrary commands as root on HPE Aruba EdgeConnect SD-WAN gateways through the CLI. A...

This vulnerability allows an attacker with administrative access to the Netwrix CoSoSys Endpoint Protector or Unify server to execute arbitrary system...

TELSAT marKoni FM Transmitters contain a command injection vulnerability (CWE-77) that allows attackers to execute arbitrary commands by manipulating ...

This vulnerability allows authenticated privileged remote attackers to execute arbitrary commands with root privileges on affected CPCI85 and SICORE B...

This CVE describes a command injection vulnerability in certain Hikvision NVR devices that allows authenticated administrators to execute arbitrary co...

Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged user...

Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged user...

This vulnerability in ClearPass Policy Manager allows authenticated remote attackers to execute arbitrary commands as root on the underlying operating...

This vulnerability in Aruba ClearPass Policy Manager allows authenticated remote users to execute arbitrary commands on the underlying host with root ...

This vulnerability in Aruba ClearPass Policy Manager allows authenticated remote attackers to execute arbitrary commands as root on the underlying ope...

This vulnerability allows authenticated attackers to execute arbitrary commands on GTB Central Console systems through command injection in the DNS se...

This critical vulnerability in TRENDnet TEW-822DRE routers allows remote attackers to execute arbitrary commands via command injection in the ping fun...

This vulnerability in the Newsletters WordPress plugin allows administrators to execute arbitrary SQL queries and shell commands on the server due to ...

This vulnerability allows authenticated administrators on Peplink Balance Two routers to execute arbitrary commands as root via command injection in t...

This vulnerability in Apache StreamPark allows authenticated users with system-level permissions to execute arbitrary commands through Maven compilati...

This vulnerability allows a malicious administrator in Jellyfin to execute arbitrary code on the server by exploiting a path traversal issue in the me...

This CVE describes a command injection vulnerability in PRTG Network Monitor's DICOM C-ECHO sensor. Authenticated users with write permissions can exp...

This CVE describes an OS command injection vulnerability in the libzebra.so library's change_hostname function in Milesight UR32L routers. Attackers c...

This CVE describes an OS command injection vulnerability in the Milesight UR32L router's user deletion functionality. Attackers can execute arbitrary ...

Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged user...

This vulnerability allows authenticated privileged remote attackers to execute arbitrary commands with root privileges on Siemens CP-8031 and CP-8050 ...