Weaknesses of type CWE-77
2,523 resultsCVE-2025-11073MEDIUMKeyfactor RG-EW5100BE HTTP POST Request cmd command injectionEPSS 1.9%CVE-2022-21941CRITICALiSTAR UltraEPSS 1.9%CVE-2023-2682MEDIUMCaton Live Mini_HTTPD ping.cgi command injectionEPSS 1.9%CVE-2024-33788HIGHLinksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.EPSS 1.9%CVE-2025-50756CRITICALWavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This EPSS 1.9%CVE-2026-7121CRITICALTotolink A8000RU CGI cstecgi.cgi setWizardCfg os command injectionEPSS 1.9%CVE-2023-24143CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetwoEPSS 1.9%CVE-2023-24139CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiagEPSS 1.9%CVE-2023-24144CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg funcEPSS 1.9%CVE-2023-24140CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDEPSS 1.9%CVE-2023-24142CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkEPSS 1.9%CVE-2023-24141CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetwEPSS 1.9%CVE-2023-24154CRITICALTOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.EPSS 1.9%CVE-2025-69256HIGHserverless MCP Server vulnerable to command injection in list-projects toolEPSS 1.9%CVE-2019-5424—In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This EPSS 1.9%CVE-2026-12187HIGHGL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injectionEPSS 1.9%CVE-2025-64424CRITICALColify has command injection vulnerability in project git sourceEPSS 1.9%CVE-2017-12075HIGHCommand injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to eEPSS 1.9%CVE-2026-1601MEDIUMTotolink A7000R cstecgi.cgi setUploadUserData command injectionEPSS 1.9%CVE-2021-34809CRITICALImproper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology DEPSS 1.9%