Weaknesses of type CWE-77

2,523 results
CVE-2025-22939CRITICALA command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root andEPSS 2.4%CVE-2023-27836CRITICALTP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the EPSS 2.4%CVE-2024-41318CRITICALTOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_EPSS 2.4%CVE-2026-7240CRITICALTotolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injectionEPSS 2.4%CVE-2023-30135CRITICALTenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnloEPSS 2.4%CVE-2025-8937MEDIUMTOTOLINK N350R formSysCmd command injectionEPSS 2.4%CVE-2026-7244CRITICALTotolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injectionEPSS 2.4%CVE-2025-1676MEDIUMhzmanyun Education and Training System pdf2swf os command injectionEPSS 2.4%CVE-2025-66219MEDIUMwillitmerge has a command Injection vulnerabilityEPSS 2.4%CVE-2018-5403Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basicEPSS 2.4%CVE-2023-49437CRITICALTenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlLisEPSS 2.4%CVE-2025-4653HIGHRemote Code Execution leads to Command InjectionEPSS 2.4%CVE-2023-27837CRITICALTP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the functiEPSS 2.4%CVE-2019-15575A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API throughEPSS 2.4%CVE-2024-29366HIGHA command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.EPSS 2.4%CVE-2026-5177MEDIUMTotolink A3300R cstecgi.cgi setWiFiBasicCfg command injectionEPSS 2.4%CVE-2022-46640CRITICALNanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP requestEPSS 2.4%CVE-2022-32262HIGHA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload sEPSS 2.4%CVE-2023-31530HIGHMotorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter.EPSS 2.4%CVE-2025-24293CRITICAL# Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe imageEPSS 2.4%