Weaknesses of type CWE-77
2,524 resultsCVE-2026-36734HIGHEDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input tEPSS 1.0%CVE-2026-44853HIGHAuthenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management InterfaceEPSS 1.0%CVE-2026-44854HIGHAuthenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management InterfaceEPSS 1.0%CVE-2024-30220HIGHCommand injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute EPSS 1.0%CVE-2024-35518HIGHNetgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.EPSS 1.0%CVE-2025-24818HIGHAn OS Command Injection vulnerability in Nokia MantaRay NMEPSS 1.0%CVE-2023-26129HIGHAll versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwmEPSS 1.0%CVE-2025-44843MEDIUMTOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function EPSS 1.0%CVE-2024-43601HIGHVisual Studio Code for Linux Remote Code Execution VulnerabilityEPSS 1.0%CVE-2020-5299MEDIUMPotential CSV Injection vector in OctoberCMSEPSS 1.0%CVE-2026-22317HIGHCommand Injection Vulnerability in Root CA Certificate Transfer WorkflowEPSS 1.0%CVE-2024-29292CRITICALMultiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to exeEPSS 1.0%CVE-2025-55911MEDIUMAn issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameterEPSS 1.0%CVE-2024-36983HIGHCommand Injection using External LookupsEPSS 1.0%CVE-2025-58358HIGHMarkdownify is vulnerable to command injection through pptx-to-markdown toolEPSS 1.0%CVE-2022-25962HIGHAll versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.
EPSS 1.0%CVE-2023-26127HIGHAll versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function.
*EPSS 1.0%CVE-2024-8640HIGHImproper Neutralization of Special Elements used in a Command ('Command Injection') in GitLabEPSS 1.0%CVE-2024-3483HIGHRemote Code Execution vulnerability in the iManagerEPSS 1.0%CVE-2024-37782CRITICALAn LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or exeEPSS 1.0%