Weaknesses of type CWE-77

2,524 results
CVE-2026-32063MEDIUMOpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit GenerationEPSS 1.1%CVE-2023-24467HIGHPossible Command Injection in OpenText iManagerEPSS 1.1%CVE-2025-2729HIGHH3C Magic BE18000 HTTP POST Request networkSetup command injectionEPSS 1.1%CVE-2025-2728HIGHH3C Magic NX30 Pro/Magic NX400 getNetworkConf command injectionEPSS 1.1%CVE-2025-2730HIGHH3C Magic BE18000 HTTP POST Request getssidname command injectionEPSS 1.1%CVE-2025-2731HIGHH3C Magic BE18000 HTTP POST Request getDualbandSync command injectionEPSS 1.1%CVE-2026-11447MEDIUMGL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injectionEPSS 1.1%CVE-2026-10182MEDIUMTRENDnet TEW-432BRP formWlanSetup command injectionEPSS 1.1%CVE-2026-10166MEDIUMEdimax BR-6478AC POST Request formWlbasic command injectionEPSS 1.1%CVE-2024-11013HIGHCommand Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to VEPSS 1.1%CVE-2026-10550MEDIUMelunez eladmin Application Deployment App.java command injectionEPSS 1.1%CVE-2024-37570HIGHOn Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path paramEPSS 1.1%CVE-2025-3008MEDIUMNovastar CX40 NetFilter Utility netconfig popen command injectionEPSS 1.1%CVE-2026-9513MEDIUMTotolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injectionEPSS 1.1%CVE-2026-11572HIGHVersions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of EPSS 1.1%CVE-2026-9512MEDIUMTotolink CA750-PoE Setting cstecgi.cgi setPasswordCfg os command injectionEPSS 1.1%CVE-2026-9511MEDIUMTotolink CA750-PoE Setting cstecgi.cgi setWebWlanIdx os command injectionEPSS 1.1%CVE-2025-60854CRITICALA vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change rEPSS 1.1%CVE-2025-53372HIGHnode-code-sandbox-mcp has a Sandbox Escape via Command InjectionEPSS 1.1%CVE-2023-51812CRITICALTenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlEPSS 1.1%