CWE-77: Command Injection

This CVE describes a command injection vulnerability in TOTOLINK A6000R routers where an attacker can execute arbitrary commands via the devname param...

This CVE describes a command injection vulnerability in TOTOLINK EX200 routers that allows attackers to execute arbitrary system commands via the 'uss...

This critical vulnerability in Tenda AC1206 routers allows remote attackers to execute arbitrary commands via command injection in the ate_iwpriv_set/...

This critical vulnerability allows remote attackers to execute arbitrary commands on affected D-Link NAS devices by injecting malicious input into the...

This critical vulnerability allows remote attackers to execute arbitrary commands on affected D-Link NAS devices by injecting malicious input into the...

This critical vulnerability allows remote attackers to execute arbitrary commands on affected D-Link NAS devices via command injection in the HTTP POS...

This critical vulnerability allows remote attackers to execute arbitrary commands on affected D-Link NAS devices by exploiting a command injection fla...

This critical vulnerability allows remote attackers to execute arbitrary commands on affected D-Link NAS devices by injecting malicious commands throu...

This critical vulnerability in TOTOLINK X6000R routers allows remote attackers to execute arbitrary commands via command injection in the setSyslogCfg...

This critical vulnerability in Tosei Online Store Management System allows remote attackers to execute arbitrary commands via command injection in the...

This critical vulnerability allows remote attackers to execute arbitrary commands on affected D-Link NAS devices through command injection in the phot...

This critical vulnerability in Vivotek IB8367A VVTK-0100b allows remote attackers to execute arbitrary commands via command injection in the upload_fi...

This CVE describes a critical command injection vulnerability in TOTOLINK LR350 routers. Attackers can remotely execute arbitrary commands by manipula...

An authenticated command injection vulnerability in AOS-10 GW and AOS-8 Controllers/Mobility Conductor allows attackers with physical access to execut...

Bambu Studio versions 2.1.1.52 and earlier contain a vulnerability that allows local attackers to execute arbitrary code during application startup. T...

This vulnerability allows attackers to create arbitrary files on Windows PaperCut NG/MF servers with Web Print enabled, potentially flooding disk spac...

This vulnerability allows authenticated local attackers with administrative credentials to execute arbitrary commands as root on affected Cisco Unifie...

CVE-2025-5525 is a critical command injection vulnerability in Jrohy trojan versions up to 2.15.3. Attackers can execute arbitrary operating system co...

This vulnerability allows remote attackers to execute arbitrary commands on PCAN-Ethernet Gateway devices by injecting shell metacharacters in softwar...

This CVE describes an image processing vulnerability in Apple operating systems where improper bounds checks could allow maliciously crafted images to...

This CVE describes an SMTP injection vulnerability in JetBrains TeamCity that allows attackers to modify email content sent by the application. Attack...

This critical vulnerability in D-Link DI-7300G+ routers allows remote attackers to execute arbitrary operating system commands by manipulating the Tim...

A critical command injection vulnerability in Edimax IP cameras allows attackers to execute arbitrary commands on affected devices by manipulating the...

A stored HTML injection vulnerability in Mealie 3.3.1 allows authenticated users to inject arbitrary HTML into recipe notes, which can lead to user in...

This vulnerability allows attackers within Wi-Fi range to execute arbitrary code on affected Ubiquiti airMAX and airFiber devices by exploiting a flaw...

A command injection vulnerability in D-Link DIR-823G router firmware allows attackers with write access to /var/system/linux_vlan_reinit to execute ar...

An unauthenticated command injection vulnerability in Linksys E1200 v2 routers allows remote attackers to execute arbitrary commands on the device wit...

CVE-2025-50817 is a disputed vulnerability in Python-Future 1.0.0 where the module automatically imports a file named test.py if present in accessible...

CVE-2025-54393 is a static code injection vulnerability in Netwrix Directory Manager (formerly Imanami GroupID) that allows authenticated users to exe...

This command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router allows authenticated attackers to execute arbitrary commands as root via...

An unauthenticated remote attacker can inject arbitrary commands into emails sent by Cisco Duo's self-service portal due to insufficient input validat...

MRCMS v3.1.2 contains a server-side template injection vulnerability in DispatcherServlet.java that allows attackers to execute arbitrary code on the ...

Dell CloudLink versions before 8.1.1 contain a command injection vulnerability that allows authenticated attackers to execute arbitrary commands on af...

A command injection vulnerability in D-Link DSL-7740C routers allows attackers to execute arbitrary commands via crafted GET requests targeting the EX...

This CVE describes a command injection vulnerability in neurobin shc versions up to 4.0.3. Attackers with local access can execute arbitrary operating...

This vulnerability in neurobin shc up to version 4.0.3 allows local command injection through the filename handler component. Attackers with local acc...

A HTML injection vulnerability in PHPGurukul Park Ticketing Management System v2.0 allows remote attackers to inject malicious HTML/JavaScript via the...

A HTML injection vulnerability in PHPGurukul Park Ticketing Management System v2.0 allows remote attackers to inject malicious HTML/JavaScript via the...

This command injection vulnerability in Fortinet FortiNAC allows attackers to execute arbitrary commands on affected systems via specially crafted req...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of sparkshop by uploading a specially craf...

This CVE describes a command injection vulnerability in WAVLINK WN551K1 routers where attackers can execute arbitrary commands via the IP parameter in...

This CVE describes a command injection vulnerability in WAVLINK WN551K1 routers through the start_hour parameter of the nightled.cgi script. Attackers...

This vulnerability allows local attackers to inject startup scripts via crafted .txt files in the Data directory on Nokia Symbian Belle devices runnin...

This vulnerability allows unauthenticated attackers on the same local network to execute arbitrary system commands on Fanvil x210 V2 IP phones. Attack...

CVE-2025-60855 is a firmware validation vulnerability in Reolink Video Doorbell WiFi DB_566128M5MP_W that allows attackers to bypass signature checks ...

This vulnerability in Firefox and Thunderbird's 'copy as cURL' feature allows attackers to craft malicious commands with insufficient escaping of spec...

SeaCMS v13.3 contains a remote code execution vulnerability in the admin_ip.php component that allows attackers to execute arbitrary code on affected ...

SeaCMS v13.3 contains a remote code execution vulnerability in the admin_notify.php component that allows attackers to execute arbitrary code on affec...

SeaCMS v13.3 contains a remote code execution vulnerability in admin_template.php that allows attackers to execute arbitrary code on affected systems....

This CVE describes a command injection vulnerability in TOTOLINK A6000R routers that allows attackers to execute arbitrary commands via the opmode par...