CWE-77: Command Injection
The product constructs all or part of a command using externally-influenced input, but does not neutralize special elements that could modify the intended command.
All Command Injection CVEs (1,188)
A remote code execution vulnerability in WebKul Bagisto v2.3.6 allows attackers to execute arbitrary code via the Cart/Checkout API endpoint. The pric...
Oct 9, 2025

A vulnerability in chinabugotech hutool's QLExpressEngine class allows attackers to execute arbitrary expressions, leading to arbitrary method invocat...
Sep 25, 2025

This vulnerability in petstore v1.0.7 allows remote attackers to execute arbitrary code by accessing a non-existent endpoint that triggers a 404 error...
Sep 25, 2025

A command injection vulnerability in petstore v1.0.7 allows remote attackers to execute arbitrary code via the DELETE endpoint. This affects any syste...
Sep 25, 2025

This vulnerability allows remote attackers to execute arbitrary code on PocketVJ CP systems via the submit_size.php component. It affects PocketVJ-CP-...
Sep 23, 2025

This CVE describes a command injection vulnerability in Tenda AC6 router firmware that allows attackers to execute arbitrary system commands. The vuln...
Sep 19, 2025

This vulnerability in ClipBucket v5.5.2 Build#90 allows remote attackers to execute arbitrary code via the file_downloader.php component by manipulati...
Sep 18, 2025

ModStartCMS v9.5.0 contains an arbitrary file write vulnerability that allows attackers to upload malicious files to the server. This can lead to remo...
Sep 2, 2025

This vulnerability allows attackers to execute arbitrary commands on Wavlink WN535K3 routers by sending specially crafted requests to the set_sys_cmd ...
Sep 2, 2025

This CVE describes a command injection vulnerability in Wavlink WN535K3 routers that allows attackers to execute arbitrary system commands by manipula...
Sep 2, 2025

This CVE describes a command injection vulnerability in Hitron CGNF-TWN routers that allows attackers to execute arbitrary commands through the telnet...
Aug 25, 2025

This CVE describes a command injection vulnerability in D-Link DSL-7740C routers that allows authenticated attackers to execute arbitrary commands via...
Aug 25, 2025

This CVE describes a deserialization vulnerability in Volcengine's verl 3.0.0 that allows arbitrary code execution when loading malicious model files....
Aug 19, 2025

This CVE describes a command injection vulnerability in TOTOLINK A3002R routers via the bupload.html component. Attackers can execute arbitrary comman...
Aug 18, 2025

This vulnerability allows attackers to execute arbitrary code on systems running phome Empirebak 2010 when the vulnerable config.php file is loaded. T...
Aug 14, 2025

This vulnerability in Microsoft 365 Copilot BizChat allows authenticated attackers to access sensitive information from other users' business chats. I...
Aug 7, 2025

This CVE describes a command injection vulnerability in Mitel SIP phones that allows unauthenticated attackers to execute arbitrary commands on affect...
Aug 7, 2025

This vulnerability in U-Boot v1.1.3 allows attackers to bypass signature verification during firmware updates, enabling installation of malicious firm...
Aug 5, 2025

This CVE describes a command injection vulnerability in TwistedWeb 14.0.0 that allows remote attackers to execute arbitrary commands on affected syste...
Aug 5, 2025

A PHAR deserialization vulnerability in PrestaShop v8.2.0 allows attackers to execute arbitrary code on the server by sending a specially crafted POST...
Jul 30, 2025

This CVE describes an unauthenticated command injection vulnerability in Totolink X6000R routers. Attackers can execute arbitrary system commands by s...
Jul 29, 2025

A session management vulnerability in Clinical Collaboration Platform 12.2.1.5 allows remote attackers to obtain sensitive information and execute arb...
Jun 2, 2025

This vulnerability allows attackers to upload malicious files to M2Soft CROWNIX Report & ERS systems, potentially leading to remote code execution. Af...
May 28, 2025

This vulnerability involves hardcoded credentials in the Telnet service of specific D-Link router models, allowing attackers to remotely execute arbit...
May 23, 2025

This CVE describes an arbitrary file upload vulnerability in ThingsBoard's Image Gallery component that allows attackers to upload malicious files and...
May 12, 2025

This vulnerability allows remote attackers to execute arbitrary code on Tenda FH451 routers running firmware version V1.0.0.9. The flaw exists in the ...
May 12, 2025

This vulnerability allows remote attackers to execute arbitrary commands on affected D-Link network-attached storage (NAS) devices by exploiting impro...
May 8, 2025

This vulnerability in Linux Malware Detect (LMD) allows attackers to escalate privileges and execute arbitrary code by supplying a file with a special...
May 6, 2025

This vulnerability allows unauthenticated attackers with network access to connect to TCP port 4444 on affected Gefen WebFWC devices and execute arbit...
May 5, 2025

This CVE describes a command injection vulnerability in TOTOLINK CA300-POE routers that allows attackers to execute arbitrary system commands via the ...
May 1, 2025

This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attackers to execute arbitrary commands via crafted req...
May 1, 2025

This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attackers to execute arbitrary commands via the svn par...
May 1, 2025

This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attackers to execute arbitrary system commands via the ...
May 1, 2025

This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attackers to execute arbitrary commands via the FileNam...
May 1, 2025

This CVE describes a command injection vulnerability in Edimax AC1200 routers that allows authenticated attackers to execute arbitrary commands on the...
Apr 15, 2025

This CVE describes a command injection vulnerability in Edimax AC1200 routers that allows attackers to execute arbitrary commands on the device. The v...
Apr 15, 2025

This vulnerability allows remote attackers to execute arbitrary commands on Totolink X5000R routers through command injection in the apcli_wps_gen_pin...
Feb 21, 2025

This CVE describes a command injection vulnerability in Karl Ward's files.gallery video thumbnail rendering component. Attackers can execute arbitrary...
Jan 30, 2025

This vulnerability in linkturbonative service allows command injection through improper input validation. An attacker with System execution privileges...
Oct 9, 2024

This vulnerability in linkturbonative service allows command injection through improper input validation, enabling local privilege escalation. Attacke...
Oct 9, 2024

This vulnerability allows authenticated administrators to execute arbitrary commands through the Redfish API on affected Cisco UCS servers, potentiall...
Oct 2, 2024

This CVE describes a command injection vulnerability in the exec_in_pod tool of mcp-server-kubernetes. When commands are provided in string format, th...
Dec 3, 2025

This vulnerability allows attackers to bypass Cursor code editor's allowlist in auto-run mode using backtick (`) or $(cmd) syntax, enabling arbitrary ...
Aug 1, 2025

An authenticated remote code execution vulnerability in ClearPass Policy Manager's web interface allows authenticated attackers to execute arbitrary c...
Dec 3, 2024

This CVE allows attackers to execute arbitrary commands in GitLab CI/CD pipelines through prompt injection. Attackers can manipulate pipeline configur...
Aug 22, 2024

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Intelbras TIP 635G routers through the Ping Handle...
Feb 24, 2026

This CVE describes a remote command injection vulnerability in Totolink WA300 routers. Attackers can execute arbitrary operating system commands by ma...
Feb 8, 2026

This vulnerability allows remote attackers to execute arbitrary operating system commands on systems running XixianLiang HarmonyOS-mcp-server 0.1.0. A...
Feb 8, 2026

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers via the lan_gateway parameter in the /goform/set_mode endpoint. At...
Jan 28, 2026

This vulnerability allows remote attackers to execute arbitrary operating system commands on Tenda W6-S routers via command injection in the ATE Servi...
Dec 30, 2025

About Command Injection (CWE-77)
Our database tracks 1,188 CVEs classified as CWE-77, with 460 rated critical and 507 rated high severity. The average CVSS score for Command Injection vulnerabilities is 8.3.