Weaknesses of type CWE-77

2,513 results

CVE-2023-1671CRITICALA pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution EPSS 100.0%KEV CVE-2023-1389HIGHTP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form oEPSS 100.0%KEV CVE-2024-21887CRITICALA command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an autEPSS 100.0%KEV CVE-2024-3400CRITICALPAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtectEPSS 100.0%KEV CVE-2012-1823CRITICALsapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle queEPSS 100.0%KEV CVE-2024-3273HIGHD-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injectionEPSS 100.0%KEV CVE-2025-10035CRITICALDeserialization Vulnerability in GoAnywhere MFT's License ServletEPSS 99.6%KEV CVE-2023-23333CRITICALThere is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictiEPSS 99.3%CVE-2023-29084HIGHZoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.EPSS 98.4%CVE-2016-1555CRITICAL(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 EPSS 98.3%KEV CVE-2024-12987MEDIUMDrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injectionEPSS 98.1%KEV CVE-2023-20887CRITICALAria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations forEPSS 98.1%KEV CVE-2022-43781CRITICALThere is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to cEPSS 98.0%CVE-2023-0315HIGHCommand Injection in froxlor/froxlorEPSS 97.7%CVE-2007-3010CRITICALmasterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to exeEPSS 97.4%KEV CVE-2015-2051HIGHThe D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands viaEPSS 97.1%KEV CVE-2018-1111HIGHDHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager iEPSS 94.5%CVE-2024-29895CRITICALCacti command injection in cmd_realtime.phpEPSS 94.4%CVE-2025-4008HIGHArbitrary Command Injection in Smartbedded MeteoBridgeEPSS 93.9%KEV CVE-2024-55956CRITICALIn Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitEPSS 93.8%KEV

← previouspage 1 / 126next →