Weaknesses of type CWE-74
4,127 resultsCVE-2026-0732MEDIUMD-Link DI-8200G upgrade_filter.asp command injectionEPSS 10.0%CVE-2025-15136HIGHTRENDnet TEW-800MB Management wizardset do_setWizard_asp command injectionEPSS 9.8%CVE-2026-2824MEDIUMComfast CF-E7 webmggnt mbox-config sub_441CF4 command injectionEPSS 9.5%CVE-2026-3612HIGHWavlink WL-NU516U1 OTA Online Upgrade adm.cgi sub_405AF4 command injectionEPSS 9.5%CVE-2024-21900MEDIUMQTS, QuTS hero, QuTScloudEPSS 9.4%CVE-2026-2080HIGHUTT HiPER 810 formUser setSysAdm command injectionEPSS 9.4%CVE-2025-2126MEDIUMJoomlaUX JUX Real Estate GET Parameter realties sql injectionEPSS 9.4%CVE-2025-14884HIGHD-Link DIR-605 Firmware Update Service command injectionEPSS 9.4%CVE-2025-14108HIGHZSPACE Q2C NAS HTTP POST Request open zfilev2_api.OpenSafe command injectionEPSS 9.2%CVE-2026-3066MEDIUMHummerRisk Cloud Compliance Scanning PlatformUtils.java fixedCommand command injectionEPSS 9.1%CVE-2025-10628MEDIUMD-Link DIR-852 Web Management hedwig.cgi command injectionEPSS 8.8%CVE-2022-21705HIGHAuthenticated remote code execution in octobercmsEPSS 8.7%CVE-2025-2725HIGHH3C Magic BE18000 HTTP POST Request auth command injectionEPSS 8.6%CVE-2024-34544CRITICALA command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafteEPSS 8.5%CVE-2022-0391HIGHA flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings intoEPSS 8.3%CVE-2025-9584MEDIUMComfast CF-N1 webmgnt update_interface_png command injectionEPSS 8.3%CVE-2025-9586MEDIUMComfast CF-N1 webmgnt wireless_device_dissoc command injectionEPSS 8.3%CVE-2022-23614HIGHCode injection in TwigEPSS 8.3%CVE-2025-13799MEDIUMADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_del command injectionEPSS 8.3%CVE-2025-13800MEDIUMADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injectionEPSS 8.3%