CWE-77: Command Injection

This vulnerability allows unauthenticated attackers to execute arbitrary Bash or PowerShell commands on affected Cleo systems by exploiting the defaul...

This vulnerability allows remote attackers to execute arbitrary commands on ORing IAP-420 devices through SNMP objects in NET-SNMP. Attackers can inje...

This CVE describes an OS command injection vulnerability in QNAP QuRouter software that allows remote attackers to execute arbitrary commands on affec...

This vulnerability allows attackers to execute arbitrary commands on Pandora FMS servers by exploiting a command injection flaw in the LDAP authentica...

This vulnerability allows a local attacker to execute arbitrary code on affected D-Link 5G CPE devices via a crafted request. It affects DWR-2000M 5G ...

DCME-320 v7.4.12.90 contains a command injection vulnerability (CWE-77) that allows attackers to execute arbitrary commands on affected systems. This ...

This critical vulnerability allows unauthenticated attackers to execute arbitrary commands with privileged access on Aruba access points by sending sp...

CVE-2024-51255 is a command injection vulnerability in DrayTek Vigor3900 routers that allows attackers to execute arbitrary commands via the mainfunct...

This vulnerability allows remote attackers to execute arbitrary commands on DrayTek Vigor3900 routers by injecting malicious commands into the mainfun...

A critical command injection vulnerability in Trend Micro Cloud Edge allows unauthenticated remote attackers to execute arbitrary commands on affected...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on Mitel MiCollab systems running vulnerable NuPoint Messenger versi...

This vulnerability allows remote attackers to execute arbitrary code on DCME-320-L devices via the log_u_umount.php component. It affects all systems ...

This CVE describes a command injection vulnerability in NginxProxyManager's Let's Encrypt certificate request function. An attacker can execute arbitr...

This critical vulnerability allows unauthenticated attackers to execute arbitrary commands on Aruba access points by sending specially crafted packets...

This critical vulnerability allows unauthenticated attackers to execute arbitrary commands with privileged access on Aruba access points by sending ma...

CVE-2024-46048 is a command injection vulnerability in Tenda FH451 routers that allows remote attackers to execute arbitrary commands on the device. T...

CVE-2024-45824 is a critical remote code execution vulnerability affecting Rockwell Automation products. Attackers can chain path traversal, command i...

COMFAST CF-XR11 routers running firmware V2.7.2 have a command injection vulnerability in the web management interface. Attackers can send specially c...

This CVE describes a command injection vulnerability in Tenda AC15 routers that allows remote attackers to execute arbitrary commands via crafted POST...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DI-8300 routers via command injection in the upgrade_filter_asp fun...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DI-8100G routers via command injection in the upgrade_filter.asp fi...

This critical vulnerability in D-Link DI-8400 firmware version 16.07.26A1 allows remote attackers to execute arbitrary commands on affected devices. T...

This vulnerability allows remote attackers to execute arbitrary commands on Beijing Digital China Cloud Technology DCME-320 devices via the getVar fun...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DI-8004W routers through the jhttpd msp_info_htm function. Attacker...

This vulnerability allows attackers to execute arbitrary commands on Tenda FH1201 routers by sending a specially crafted HTTP request to the /goform/t...

CVE-2024-42360 is a command injection vulnerability in SequenceServer BLAST+ server software where improper input sanitization in HTTP endpoints allow...

CVE-2024-5914 is a critical command injection vulnerability in Palo Alto Networks Cortex XSOAR CommonScripts Pack that allows unauthenticated attacker...

This CVE describes a command injection vulnerability in Enphase IQ Gateway (formerly Envoy) devices that allows attackers to execute arbitrary operati...

This CVE describes a command injection vulnerability in TOTOLINK A6000R routers that allows attackers to execute arbitrary commands on the device via ...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A6000R routers by injecting malicious commands through the ifname...

This CVE describes a command injection vulnerability in TOTOLINK A6000R routers that allows attackers to execute arbitrary commands on the device. The...

CVE-2024-40110 is an unauthenticated remote code execution vulnerability in Sourcecodester Poultry Farm Management System v1.0. Attackers can execute ...

This vulnerability allows remote attackers to execute arbitrary commands on FOG Project servers via command injection in the filename parameter. It af...

This vulnerability in SeaCMS allows remote attackers to execute arbitrary code via the admin_ping.php file. It affects SeaCMS versions up to and inclu...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on WhatsUp Gold systems through the NmApi.exe component. Attacker...

This vulnerability allows remote command injection in Roundcube Webmail on Windows systems through the im_convert_path and im_identify_path parameters...

This vulnerability allows remote attackers to execute arbitrary commands with root privileges on Tenda O3V2 routers via a blind command injection in t...

This CVE describes a critical command injection vulnerability in the parisneo/lollms-webui's 'open_file' module. Attackers can exploit it by providing...

This vulnerability in parisneo/lollms allows remote attackers to execute arbitrary code by exploiting insufficient input sanitization in the /unInstal...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers by injecting malicious commands through the 'port'...

This CVE describes a command injection vulnerability in Linksys E5600 routers where an attacker can execute arbitrary commands via the ipurl parameter...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-822+ routers via command injection in the firmware upload funct...

A heap overflow vulnerability in the WLInfoRailService component of Ivanti Avalanche allows remote unauthenticated attackers to execute arbitrary comm...

Delta Electronics DVW-W02W2-E2 devices have critical vulnerabilities in their web administration interface that allow remote unauthenticated attackers...

A command injection vulnerability in the run-llama/llama_index repository allows attackers to bypass security checks and execute arbitrary code on ser...

CVE-2024-3566 is a command injection vulnerability affecting Windows applications that use CreateProcess function with improper argument quoting. Atta...

CVE-2024-29864 is a command injection vulnerability in Distrobox that allows attackers to execute arbitrary code by injecting malicious commands into ...

This is a critical command injection vulnerability in Indo-Sol PROFINET-INspektor NT devices that allows remote attackers to execute arbitrary system ...

This CVE describes a command injection vulnerability in Netis WF2780 routers that allows attackers to execute arbitrary commands on the device by mani...

This CVE describes a command injection vulnerability in D-Link DIR-816 routers that allows attackers to execute arbitrary commands via the urlAdd para...