Weaknesses of type CWE-77
2,522 resultsCVE-2024-39782CRITICALMultiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A speciaEPSS 3.7%CVE-2025-7415MEDIUMTenda O3V2 httpd getTraceroute fromTraceroutGet command injectionEPSS 3.7%CVE-2025-57105CRITICALThe DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478DEPSS 3.7%CVE-2020-10518—Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise ServerEPSS 3.7%CVE-2025-15391MEDIUMD-Link DIR-806A SSDP Request ssdpcgi_main command injectionEPSS 3.7%CVE-2026-5105MEDIUMTotolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injectionEPSS 3.7%CVE-2026-5178MEDIUMTotolink A3300R cstecgi.cgi setIptvCfg command injectionEPSS 3.7%CVE-2022-26826HIGHWindows DNS Server Remote Code Execution VulnerabilityEPSS 3.7%CVE-2026-5103MEDIUMTotolink A3300R cstecgi.cgi setUPnPCfg command injectionEPSS 3.6%CVE-2022-29184HIGHCommand Injection/Argument Injection in GoCDEPSS 3.6%CVE-2026-4558HIGHLinksys MR9600 SmartConnect.lua smartConnectConfigure os command injectionEPSS 3.6%CVE-2024-5194MEDIUMArris VAP2500 assoc_table.php command injectionEPSS 3.6%CVE-2025-11490MEDIUMwonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injectionEPSS 3.6%CVE-2024-48705MEDIUMWavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection whEPSS 3.6%CVE-2025-60672MEDIUMAn unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in EPSS 3.6%CVE-2023-22659HIGHAn os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafEPSS 3.6%CVE-2024-12350MEDIUMJFinalCMS Template TemplateController.java update command injectionEPSS 3.6%CVE-2026-4210MEDIUMD-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injectionEPSS 3.6%CVE-2024-22061HIGHA Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to exEPSS 3.6%CVE-2016-6558—The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injectionEPSS 3.5%