Weaknesses of type CWE-77
2,524 resultsCVE-2026-5692MEDIUMTotolink A7100RU cstecgi.cgi setGameSpeedCfg os command injectionEPSS 1.4%CVE-2025-57685HIGHThe LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, anEPSS 1.4%CVE-2025-67089HIGHA command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.instEPSS 1.4%CVE-2024-42506CRITICALUnauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI ProtocolEPSS 1.4%CVE-2024-42507CRITICALUnauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI ProtocolEPSS 1.4%CVE-2024-3154HIGHCri-o: arbitrary command injection via pod annotationEPSS 1.4%CVE-2025-59740CRITICALMultiple vulnerabilities in AndSoft's e-TMSEPSS 1.4%CVE-2025-59737CRITICALMultiple vulnerabilities in AndSoft's e-TMSEPSS 1.4%CVE-2025-59739CRITICALMultiple vulnerabilities in AndSoft's e-TMSEPSS 1.4%CVE-2016-4991—Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does EPSS 1.4%CVE-2025-59736CRITICALMultiple vulnerabilities in AndSoft's e-TMSEPSS 1.4%CVE-2025-59738CRITICALMultiple vulnerabilities in AndSoft's e-TMSEPSS 1.4%CVE-2026-39054HIGHOinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writeEPSS 1.4%CVE-2024-25255CRITICALSublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties repEPSS 1.4%CVE-2023-39293CRITICALA Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a maliciouEPSS 1.4%CVE-2026-5688MEDIUMTotolink A7100RU cstecgi.cgi setDdnsCfg os command injectionEPSS 1.4%CVE-2023-33487CRITICALTOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulneraEPSS 1.4%CVE-2026-6158MEDIUMTotolink N300RH upgrade.so setUpgradeUboot os command injectionEPSS 1.4%CVE-2023-33486CRITICALTOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerabilEPSS 1.4%CVE-2020-26300MEDIUMCommand injection in systeminformationEPSS 1.4%