CWE-77: Command Injection
The product constructs all or part of a command using externally-influenced input, but does not neutralize special elements that could modify the intended command.
All Command Injection CVEs (1,190)
SeaCMS v13.3 contains a remote code execution vulnerability in admin_template.php that allows attackers to execute arbitrary code on affected systems....
Feb 26, 2025

This CVE describes a command injection vulnerability in TOTOLINK A6000R routers that allows attackers to execute arbitrary commands via the opmode par...
Jan 10, 2025

This CVE describes a critical OS command injection vulnerability in inclusionAI AWorld's shell_tool.py file, specifically in the subprocess.run/subpro...
Apr 28, 2025

A command injection vulnerability in the API allows low-privileged remote attackers to execute arbitrary code as the user-app user due to improper inp...
May 14, 2024

This vulnerability allows authenticated administrators on Cisco Secure Firewall Management Center to execute arbitrary commands as root due to insuffi...
Aug 14, 2025

This vulnerability in Firefox and Thunderbird's 'Copy as cURL' feature allows command injection via insufficient newline character escaping. An attack...
May 27, 2025

The Custom Twitter Feeds WordPress plugin before version 2.2.3 contains a stored cross-site scripting (XSS) vulnerability in its settings. This allows...
Oct 8, 2024

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers via the /goform/set_password endpoint. Attackers can remotely exec...
Feb 7, 2026

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers. Attackers can remotely execute arbitrary commands by manipulating...
Feb 7, 2026

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary commands remotely by manipulating...
Feb 6, 2026

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers. Attackers can remotely execute arbitrary commands on affected dev...
Feb 6, 2026

This CVE describes an OS command injection vulnerability in Edimax BR-6478AC V3 routers. Attackers can remotely execute arbitrary commands by manipula...
Dec 5, 2025

This CVE describes an OS command injection vulnerability in Edimax BR-6478AC V3 routers. Attackers can remotely execute arbitrary commands on affected...
Dec 5, 2025

This CVE describes an OS command injection vulnerability in Edimax BR-6478AC V3 routers. Attackers can remotely execute arbitrary commands by manipula...
Dec 5, 2025

This CVE describes an OS command injection vulnerability in D-Link DAP-2695 firmware update handler that allows remote attackers to execute arbitrary ...
Oct 27, 2025

This CVE describes an OS command injection vulnerability in D-Link DAP-2695 access points through the firmware update handler. Attackers can execute a...
Oct 13, 2025

This CVE describes an OS command injection vulnerability in Ruijie NBR2100G-E routers. Attackers can remotely execute arbitrary commands by manipulati...
Sep 29, 2025

This CVE describes an OS command injection vulnerability in Wavlink WL-NU516U1 routers that allows remote attackers to execute arbitrary commands on a...
Sep 22, 2025

This CVE describes an OS command injection vulnerability in D-Link DI-500WF routers that allows remote attackers to execute arbitrary commands on affe...
Aug 31, 2025

This critical vulnerability in westboy CicadasCMS 2.0 allows remote attackers to execute arbitrary operating system commands through the Scheduled Tas...
Apr 19, 2025

A command injection vulnerability in QNAP operating systems allows remote attackers with administrator access to execute arbitrary commands on affecte...
Mar 7, 2025

This critical vulnerability in FiberHome AN5506-01A ONU GPON RP2511 allows remote attackers to execute arbitrary operating system commands through com...
Feb 24, 2025

This vulnerability in ClearPass Policy Manager's web interface allows authenticated remote attackers to execute arbitrary commands on the host system ...
Dec 3, 2024

This critical vulnerability allows remote attackers to execute arbitrary commands on affected WAVLINK routers by injecting malicious input into the DD...
Oct 20, 2024

This vulnerability in Apache StreamPark allows authenticated users with system-level permissions to execute arbitrary commands through improper input ...
Jul 17, 2024

This critical vulnerability in Arris VAP2500 routers allows remote attackers to execute arbitrary commands via command injection in the /tools_command...
May 22, 2024

This critical vulnerability in Arris VAP2500 firmware allows remote attackers to execute arbitrary commands via command injection in the customer_info...
May 22, 2024

This critical vulnerability in MicroWord eScan Antivirus 7.0.32 on Linux allows local attackers to execute arbitrary operating system commands through...
Feb 17, 2025

This vulnerability allows attackers to upload malicious Zip files through YZNCMS's plugin installation feature, potentially leading to arbitrary code ...
Feb 26, 2025

This CVE describes a command injection vulnerability in Zoom Clients for Windows that allows authenticated users to execute arbitrary commands, potent...
Oct 15, 2025

CVE-2024-38903 is a command injection vulnerability in H3C Magic R230 routers where the UDP server on port 9034 allows unauthenticated attackers to ex...
Jun 24, 2024

Monica AI Assistant desktop application v2.3.0 contains a prompt injection vulnerability that allows attackers to manipulate chatbot responses to exfi...
Sep 26, 2024

A logic vulnerability in Apple operating systems allows attackers in privileged network positions to intercept network traffic. This affects multiple ...
Feb 11, 2026

This vulnerability allows arbitrary command execution through shell injection in development scripts of the Kimi Agent SDK. Only developers working wi...
Jan 29, 2026

This CVE describes a command injection vulnerability in Active Storage when used with image_processing gem and mini_magick. Attackers can execute arbi...
Jan 30, 2026

This CVE describes a command injection vulnerability in Johnson Controls Metasys components that allows remote SQL execution. Attackers can inject mal...
Jan 30, 2026

CVE-2025-15366 is a command injection vulnerability in Python's imaplib module where user-controlled commands containing newlines can inject additiona...
Jan 20, 2026

This CVE describes a command injection vulnerability in multiple Vivotek device models that allows attackers to execute arbitrary operating system com...
Jan 13, 2026

This vulnerability allows a non-administrative Windows user with local access to escalate privileges to SYSTEM level on machines running WatchGuard Mo...
Dec 4, 2025

CVE-2025-11921 is a privilege escalation vulnerability in iStats (iStat Menus) where local unprivileged users can execute arbitrary commands with root...
Nov 24, 2025

About Command Injection (CWE-77)
Our database tracks 1,190 CVEs classified as CWE-77, with 462 rated critical and 507 rated high severity. The average CVSS score for Command Injection vulnerabilities is 8.3.
External reference: CWE-77 on MITRE CWE