Weaknesses of type CWE-77
2,524 resultsCVE-2026-26461MEDIUMA Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to executEPSS 0.8%CVE-2026-44872HIGHAuthenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based Management InterfaceEPSS 0.8%CVE-2019-17101MEDIUMCommand execution due to unsanitized input in Netatmo Smart Indoor Security CameraEPSS 0.8%CVE-2026-42258MEDIUMnet-imap: Command Injection via unvalidated Symbol inputsEPSS 0.8%CVE-2025-26627HIGHAzure Arc Installer Elevation of Privilege VulnerabilityEPSS 0.8%CVE-2026-5603MEDIUMelgentos magento2-dev-mcp index.ts executeMagerun2Command os command injectionEPSS 0.8%CVE-2025-3621CRITICALRemote Code Execution in ProTNS ActADUREPSS 0.8%CVE-2026-5602MEDIUMNor2-io heim-mcp new_heim_application tools.ts registerTools os command injectionEPSS 0.8%CVE-2025-37146HIGHUnauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code ExecutionEPSS 0.8%CVE-2026-21516HIGHGitHub Copilot for Jetbrains Remote Code Execution VulnerabilityEPSS 0.8%CVE-2026-7246HIGHPallets Click contains a command injection via Unsanitized Filename "click.edit()"EPSS 0.8%CVE-2024-41637HIGHRaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also posseEPSS 0.8%CVE-2024-32282MEDIUMTenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.EPSS 0.8%CVE-2025-37162MEDIUMAuthenticated Command Injection Vulnerability Leading to Arbitrary Remote Command ExecutionEPSS 0.8%CVE-2023-31476HIGHAn issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be creEPSS 0.8%CVE-2023-32700HIGHLuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs bEPSS 0.8%CVE-2024-21903MEDIUMQTS, QuTS heroEPSS 0.8%CVE-2025-55125HIGHThis vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuraEPSS 0.8%CVE-2026-38945HIGHCommand injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted pathEPSS 0.8%CVE-2024-57222MEDIUMLinksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps functiEPSS 0.8%