CWE-77: Command Injection

This CVE describes a command injection vulnerability in RaspAP raspap-webgui that allows attackers to execute arbitrary commands on affected systems. ...

This CVE describes an insecure permissions vulnerability in sparkshop v1.1.7 that allows remote attackers to execute arbitrary code via the Common.php...

This CVE describes a command injection vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell firmware that allows attackers to execute arbit...

The DI-7400G+ router contains a command injection vulnerability in its web interface that allows attackers to execute arbitrary system commands. This ...

This CVE describes command injection vulnerabilities in UniFi Connect EV Station Lite that allow attackers with network access to execute arbitrary co...

CVE-2025-55294 is a command injection vulnerability in screenshot-desktop npm package that allows attackers to execute arbitrary shell commands by con...

This critical command injection vulnerability in TOTOLINK-A3002R routers allows attackers to execute arbitrary system commands via the devicemac param...

This vulnerability allows remote attackers to execute arbitrary commands with root privileges on affected Alcatel-Lucent OmniAccess Stellar access poi...

This CVE describes a command injection vulnerability in GPT-SoVITS-WebUI that allows attackers to execute arbitrary commands on the server by manipula...

This CVE describes a command injection vulnerability in GPT-SoVITS-WebUI that allows attackers to execute arbitrary commands on the server by manipula...

This CVE describes a command injection vulnerability in Wavlink WN535K3 routers that allows attackers to execute arbitrary system commands by manipula...

This critical vulnerability in D-Link DIR-816-A2 routers allows remote attackers to execute arbitrary code via the system() function in the goahead bi...

CVE-2025-5306 is a command injection vulnerability in Pandora FMS that allows attackers to execute arbitrary operating system commands by manipulating...

This CVE describes a command injection vulnerability in multiple Blink router models that allows attackers to execute arbitrary commands on affected d...

This CVE describes multiple command injection vulnerabilities in Blink routers where attackers can execute arbitrary commands via the cmd parameter in...

This CVE describes a command injection vulnerability in multiple Blink router models via the routepwd parameter. Attackers can execute arbitrary comma...

A command injection vulnerability in HPE StoreOnce Software allows remote attackers to execute arbitrary commands on affected systems. This affects al...

A command injection vulnerability in HPE StoreOnce Software allows remote attackers to execute arbitrary commands on affected systems. This affects al...

This CVE describes a command injection vulnerability in D-link DI-8100 firmware that allows remote attackers to execute arbitrary commands with highes...

This CVE describes a command injection vulnerability in Linksys E5600 routers via the DynDNS username parameter. Attackers can execute arbitrary comma...

This CVE describes a command injection vulnerability in the Linksys E5600 router's runtime.InternetConnection function. Attackers can execute arbitrar...

This CVE describes a command injection vulnerability in Linksys E5600 routers that allows attackers to execute arbitrary commands on the device by man...

CVE-2025-43844 is a critical command injection vulnerability in Retrieval-based-Voice-Conversion-WebUI that allows attackers to execute arbitrary comm...

CVE-2025-43843 is a critical command injection vulnerability in Retrieval-based-Voice-Conversion-WebUI that allows attackers to execute arbitrary comm...

This CVE describes a command injection vulnerability in NETGEAR RAX5 routers that allows attackers to execute arbitrary commands on the device. Attack...

This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by injecting malicious commands through the iface par...

This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by injecting malicious commands through the iface par...

This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by injecting malicious input into the devname paramet...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda AC9 routers via the Telnet service. Attackers can gain full control ...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A950RG routers by exploiting improper input validation in the set...

This CVE describes a command injection vulnerability in Tenda AC9 routers that allows attackers to execute arbitrary commands via the deviceName param...

This vulnerability allows remote attackers to execute arbitrary code on BL-AC2100 routers by exploiting improper input validation in the goahead webse...

This vulnerability allows remote attackers to execute arbitrary code on Netgear WNR854T routers via a stack-based buffer overflow in the UPnP service....

A command injection vulnerability in the telnet service of Adtran 411 ONT devices allows unauthenticated attackers to execute arbitrary commands with ...

A command injection vulnerability in Adtran 411 ONT web interface allows attackers to execute arbitrary commands with root privileges. This affects sy...

A command injection vulnerability in NASA Fprime v3.4.3's Command Dispatcher Service allows attackers to execute arbitrary commands on affected system...

This CVE-2024-8156 is a critical command injection vulnerability in AutoGPT's GitHub Actions workflow. Attackers can inject arbitrary commands by crea...

This critical vulnerability in Pandora FMS allows attackers to execute arbitrary operating system commands through improper input sanitization, leadin...

This CVE describes a command injection vulnerability in Tenda AC10 routers that allows remote attackers to execute arbitrary commands with root privil...

This is a critical code injection vulnerability in EasyVirt DCScope and CO2Scope that allows remote unauthenticated attackers to execute arbitrary cod...

TRENDnet TEW-632BRP routers have a critical OS command injection vulnerability in the ntp_sync.cgi interface that allows remote attackers to execute a...

This CVE describes a command injection vulnerability in Tenda AC18 routers that allows attackers to execute arbitrary commands on the device. Attacker...

CVE-2025-22912 is a command injection vulnerability in RE11S v1.11 that allows attackers to execute arbitrary commands on affected devices via the /go...

This CVE describes a command injection vulnerability in Linksys E7350 routers that allows attackers to execute arbitrary commands on the device. The v...

This CVE describes a command injection vulnerability in Linksys E7350 routers where an attacker can execute arbitrary commands via the devname paramet...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda AC9 routers by injecting malicious commands into the SetSambaCfg for...

A vulnerability in Motorola SM56 Modem WDM Driver allows low-privileged users to map physical memory via crafted IOCTL requests. This enables privileg...

This is a critical command injection vulnerability in Huawei terminal printers that allows attackers to execute arbitrary commands with the highest pr...

SeaCMS versions up to 13.0 contain a command injection vulnerability in phome.php through the Ebak_RepPathFiletext() function. This allows attackers t...

This critical vulnerability in BeyondTrust Privileged Remote Access and Remote Support products allows unauthenticated attackers to execute arbitrary ...