CWE-77: Command Injection

CVE-2021-20527 is an improper neutralization of special elements vulnerability in IBM Resilient SOAR that allows a privileged user to create malicious...

CVE-2020-25217 is a command injection vulnerability in Grandstream GRP261x VoIP phones that allows attackers to execute arbitrary commands as root thr...

This CVE-2020-2508 is a command injection vulnerability in QNAP QTS and QuTS hero operating systems that allows attackers to execute arbitrary command...

This CVE describes an authenticated command injection vulnerability in Barco TransForm N's NDN-210 web administration panel. It allows authenticated u...

This CVE describes an authenticated command injection vulnerability in the Barco NDN-210 web administration panel. Authenticated attackers can execute...

This CVE allows authenticated administrators to execute arbitrary commands on affected Zyxel firewall and VPN products by injecting malicious input du...

This command injection vulnerability in QNAP QTS allows remote attackers to execute arbitrary commands on affected systems. It affects QNAP NAS device...

This vulnerability allows authenticated remote attackers to execute arbitrary commands with root privileges on Cisco IOS XE devices via the web UI. At...

This vulnerability in Vim's tar.vim plugin allows arbitrary shell command execution when opening specially crafted tar archives. Attackers can exploit...

Authenticated users in Logpoint UniversalNormalizer can inject malicious payloads while creating Universal Normalizer configurations, leading to remot...

Authenticated users in Logpoint versions before 7.5.0 can inject malicious payloads into Report Templates. When backups are initiated, these payloads ...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows low-privileged remote attackers to execute arbitrar...

CVE-2024-4638 is a command injection vulnerability in OnCell G3470A-LTE Series industrial cellular routers. Attackers can execute arbitrary commands b...

CVE-2023-35932 is a configuration injection vulnerability in the jcvi Python library that allows malicious user input to reach configuration files uns...

This vulnerability allows authenticated users on NETGEAR D6220 routers to execute arbitrary commands through command injection. Attackers with valid c...

This command injection vulnerability in Azure Arc allows authenticated attackers to execute arbitrary commands on affected systems, potentially leadin...

CVE-2020-7384 is a command injection vulnerability in Rapid7's Metasploit msfvenom framework that allows attackers to execute arbitrary commands on sy...

This vulnerability allows local physical attackers with access to the device's SD card slot to execute arbitrary code by overriding the bootloader. It...

This vulnerability in alist-tvbox v1.7.1 allows remote attackers to execute arbitrary commands on affected systems via the /atv-cli endpoint. This is ...

This command injection vulnerability in Visual Studio allows authenticated attackers to execute arbitrary code on the local system by injecting malici...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows high-privileged attackers with local access to exec...

Dell SmartFabric OS10 Software contains a command injection vulnerability that allows authenticated high-privileged attackers to execute arbitrary com...

This CVE describes a command injection vulnerability in Aqara Camera Hub G3 devices that allows attackers to execute arbitrary commands with root priv...

This CVE describes an OS command injection vulnerability in QNAP operating systems that allows authenticated administrators to execute arbitrary comma...

This vulnerability allows an administrative remote attacker controlling a SINEMA Remote Connect Server to execute arbitrary code with system privilege...

This CVE describes an OS command injection vulnerability in QNAP operating systems that allows remote authenticated administrators to execute arbitrar...

A command injection vulnerability in AOS-8 allows authenticated privileged users to inject shell commands by manipulating package headers. This could ...

This DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to place a malicious DLL in a location where the application searches...

A command injection vulnerability in sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary system commands by supplying malicious input to t...

CVE-2025-67436 is an authenticated remote code execution vulnerability in PluXml CMS 5.8.22. Attackers with administrator panel access can inject mali...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK N200RE routers by injecting malicious input into the hostName par...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A3300R routers by injecting malicious input into the host_time pa...

This CVE describes an authenticated command injection vulnerability in AVTECH SECURITY Corporation's DGM1104 FullImg-1015-1004-1006-1003 firmware. Att...

CVE-2025-65657 is a remote code execution vulnerability in FeehiCMS version 2.1.1 that allows authenticated attackers to upload malicious PHP files th...

This vulnerability allows authenticated remote attackers to inject malicious commands through the device's command line interface, potentially executi...

CVE-2025-63749 is a command injection vulnerability in pnetlab 5.3.11 that allows attackers to execute arbitrary commands on the system by manipulatin...

A remote command execution vulnerability in H3C ERG3/ERG5 series routers, XiaoBei series routers, cloud gateways, and wireless access points allows at...

This CVE describes a remote code execution vulnerability in baryhuang/mcp-server-aws-resources-python version 0.1.0. Attackers can execute arbitrary P...

This CVE describes an unauthenticated command injection vulnerability in D-Link DIR-878A1 router firmware that allows remote attackers to execute arbi...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on D-Link DIR-878A1 routers by exploiting a command injection...

This CVE describes a command injection vulnerability in D-Link DIR-882 router firmware that allows unauthenticated remote attackers to execute arbitra...

This CVE describes a command injection vulnerability in ToToLink A720R router firmware that allows unauthenticated remote attackers to execute arbitra...

This CVE describes a command injection vulnerability in ToToLink A720R router firmware that allows arbitrary command execution. Attackers with write a...

An unauthenticated command injection vulnerability in ToToLink LR1200GB routers allows attackers to execute arbitrary system commands by sending malic...

This vulnerability allows arbitrary code execution as root on KERUI K259 5MP Wi-Fi/Tuya Smart Security Cameras. During startup, the camera automatical...

A command injection vulnerability in NetSurf browser version 3.11 allows remote attackers to execute arbitrary code via the dom_node_normalize functio...

The Reolink desktop application version 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism. An attacker coul...

CVE-2025-57164 allows remote code execution in Flowise AI platforms through unsanitized user input in the Supabase RPC Filter field. Attackers can exe...

An arbitrary file upload vulnerability in CoCalc allows attackers to upload malicious SVG files that can execute arbitrary code on the server. This af...

This vulnerability in MCMS v6.0.1 allows attackers to upload malicious files to the server, which can then be executed to run arbitrary code. This aff...