CWE-77: Command Injection

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-816 A2 routers via the /goform/Diagnosis component. Attackers c...

This vulnerability allows remote attackers to execute arbitrary code on affected TOTOLINK X5000R routers by sending specially crafted requests to the ...

This vulnerability allows remote attackers to execute arbitrary commands on NVK iBSG v3.5 systems by injecting malicious commands into the system_host...

COMFAST CF-XR11 V2.7.2 contains a command injection vulnerability in the web management interface. Attackers can send specially crafted POST requests ...

This vulnerability allows remote attackers to execute arbitrary code on Wavlink WL_WNJ575A3 routers by exploiting improper input validation in the use...

This is a command injection vulnerability in COMFAST CF-XR11 routers that allows remote attackers to execute arbitrary commands on the device. Attacke...

This critical command injection vulnerability in MiVoice Office 400 SMB Controller allows attackers to execute arbitrary system commands with the priv...

This CVE describes a command injection vulnerability in OPNsense's diag_backup.php component that allows attackers to execute arbitrary commands by up...

This vulnerability allows remote attackers to execute arbitrary commands on Netgear R7100LG routers by injecting malicious code into the password para...

This vulnerability allows remote attackers to execute arbitrary commands on servers running django-sspanel v2022.2.2 through the GoodsCreateView compo...

Dango-Translator v4.5.5 contains a remote command execution vulnerability via the cloud_config.json configuration file. Attackers can execute arbitrar...

CVE-2022-39986 is an unauthenticated command injection vulnerability in RaspAP web interface versions 2.8.0 through 2.8.7. Attackers can execute arbit...

A critical command injection vulnerability in Chamilo's wsConvertPpt component allows remote attackers to execute arbitrary commands on the server via...

CVE-2023-37214 is a command injection vulnerability in Heights Telecom ERO1xS-Pro Dual-Band firmware that allows attackers to execute arbitrary comman...

CVE-2023-38336 is a command injection vulnerability in netkit-rcp (part of rsh-client) that allows attackers to execute arbitrary commands via special...

A critical command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows remote unauthenticated attackers to execute arbitrary com...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda AC10 routers by injecting malicious commands into the mac parameter ...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK LR350 routers by injecting malicious commands into the FileName p...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK LR350 routers by injecting malicious commands into the FileName p...

This CVE describes a command injection vulnerability in TP-Link TL-WPA8630P powerline Wi-Fi extenders. Attackers can execute arbitrary commands on the...

This CVE describes a command injection vulnerability in TP-Link TL-WPA8630P powerline Wi-Fi extenders. Attackers can execute arbitrary commands on the...

CVE-2023-26295 is a command injection vulnerability in HP Device Manager that allows attackers to execute arbitrary commands on affected systems. This...

This CVE describes a command injection vulnerability in TOTOLink A7100RU routers that allows attackers to execute arbitrary commands on the device. Th...

CVE-2023-20887 is a command injection vulnerability in VMware Aria Operations for Networks that allows remote code execution. Attackers with network a...

This CVE describes a command injection vulnerability in Anyka Microelectronics AK3918EV300 MCU firmware version 18. Attackers can execute arbitrary co...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers via command injection in the setWanCfg function. A...

This CVE describes a command injection vulnerability in Netgear R6250 routers that allows authenticated attackers to execute arbitrary commands with s...

This CVE describes a command injection vulnerability in Broadcom's Advanced Secure Gateway and Content Analysis products. Attackers can execute arbitr...

This vulnerability in the ruby-saml gem allows XPath injection leading to remote code execution. Attackers can execute arbitrary code on systems using...

CVE-2023-33294 is a critical remote code execution vulnerability in KaiOS 3.0 where an exposed local web server on port 2929 allows arbitrary bash com...

CVE-2023-31729 is a command injection vulnerability in TOTOLINK A3300R routers that allows attackers to execute arbitrary commands on the device via t...

This CVE describes a command injection vulnerability in TOTOLINK CP300+ routers that allows attackers to execute arbitrary commands via crafted HTTP p...

A command injection vulnerability in Edimax N300 router firmware allows unauthenticated attackers to execute arbitrary system commands via the setWAN ...

This CVE describes a critical command injection vulnerability in Edimax N300 wireless router firmware that allows unauthenticated attackers to execute...

This CVE describes a template injection vulnerability in Go's text/template and html/template packages where certain Unicode whitespace characters are...

This CVE describes a command injection vulnerability in Tenda AC18 routers that allows attackers to execute arbitrary commands on the device. Attacker...

CVE-2023-27849 is a critical remote code execution vulnerability in rails-routes-to-json v1.0.0 that allows attackers to execute arbitrary commands on...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of huedawn-tesseract or dawnsparks-node-te...

The Nanoleaf Desktop App before version 1.3.1 contains a command injection vulnerability that allows attackers to execute arbitrary commands on affect...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X18 routers by injecting malicious commands into the FileName par...

This CVE describes a command injection vulnerability in TOTOLINK X18 routers that allows attackers to execute arbitrary commands on the device by mani...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X18 routers by injecting malicious commands into the setTracerout...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Siemens CP-8031 and CP-8050 MASTER MODULE devices via comm...

This CVE describes a command injection vulnerability in TOTOlink A7100RU routers via the org parameter in the setting/delStaticDhcpRules endpoint, all...

This critical vulnerability in Atos Unify OpenScape 4000 platforms allows unauthenticated attackers to execute arbitrary operating system commands and...

This CVE describes a command injection vulnerability in Microweber CMS versions prior to 1.3.3. Attackers can execute arbitrary operating system comma...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands with root privileges on GreenPacket OH736 WR-1200 Indoor Unit...

CVE-2023-1671 is a critical pre-authentication command injection vulnerability in Sophos Web Appliance that allows unauthenticated attackers to execut...

This vulnerability in Jenkins Convert To Pipeline Plugin allows attackers with permission to configure Freestyle projects to inject malicious Pipeline...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link Go-RT-AC750 routers via command injection in the service parameter ...