CWE-77 — Command Injection
3,759 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-77 (page 57 of 76)
- CVE-2025-29517 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-08-25
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function.
- CVE-2025-29519 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-25
A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request.
- CVE-2025-29522 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-08-25
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function.
- CVE-2025-29523 | HIGH | CVSS 7.2 | EG 7.2 | 2025-08-25
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.
- CVE-2025-29628 | CRITICAL | CVSS 9.4 | EG 8.1 | 2025-07-25
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vu…
- CVE-2025-29635 | HIGH | CVSS 7.2 | EG 9.0 | ⚠ KEV | 2025-03-25
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, trigg…
- CVE-2025-29743 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-22
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.
- CVE-2025-2983 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-31
A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to os command injection. The exploit has be…
- CVE-2025-29887 | HIGH | CVSS 7.2 | EG 7.2 | 2025-08-29
A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerabil…
- CVE-2025-3002 | HIGH | CVSS 7.3 | EG 7.3 | 2025-03-31
A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The man…
- CVE-2025-3008 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-31
A vulnerability classified as critical has been found in Novastar CX40 up to 2.44.0. Affected is the function system/popen of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation leads to command injection.…
- CVE-2025-30264 | HIGH | CVSS 8.8 | EG 8.8 | 2025-08-29
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed …
- CVE-2025-31644 | HIGH | CVSS 8.7 | EG 8.7 | 2025-05-07
When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary…
- CVE-2025-31710 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-06-03
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
- CVE-2025-31951 | HIGH | CVSS 8.8 | EG 8.8 | 2026-05-06
HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.
- CVE-2025-3249 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-04-04
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to comma…
- CVE-2025-32702 | HIGH | CVSS 7.8 | EG 7.8 | 2025-05-13
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
- CVE-2025-32711 | CRITICAL | CVSS 9.3 | EG 9.3 | 2025-06-11
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- CVE-2025-32813 | HIGH | CVSS 7.2 | EG 7.2 | 2025-05-22
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.
- CVE-2025-34267 | CRITICAL | CVSS 9.9 | EG 9.9 | 2025-10-14
Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) wit…
- CVE-2025-3539 | HIGH | CVSS 8.0 | EG 8.0 | 2025-04-13
A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBas…
- CVE-2025-3540 | HIGH | CVSS 8.0 | EG 8.0 | 2025-04-13
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of…
- CVE-2025-3541 | HIGH | CVSS 8.0 | EG 8.0 | 2025-04-13
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpec…
- CVE-2025-3542 | HIGH | CVSS 8.0 | EG 8.0 | 2025-04-14
A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POS…
- CVE-2025-3543 | HIGH | CVSS 8.0 | EG 8.0 | 2025-04-14
A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGI_WizardProtoProcess of the file /api/wizard/setsyncpppoecf…
- CVE-2025-3544 | HIGH | CVSS 8.0 | EG 8.0 | 2025-04-14
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/…
- CVE-2025-3545 | HIGH | CVSS 8.0 | EG 8.0 | 2025-04-14
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizar…
- CVE-2025-3546 | HIGH | CVSS 8.0 | EG 8.0 | 2025-04-14
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of…
- CVE-2025-3621 | CRITICAL | CVSS 9.6 | EG 9.6 | 2025-07-15
Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injec…
- CVE-2025-37089 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-06-02
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37091 | HIGH | CVSS 7.2 | EG 7.2 | 2025-06-02
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37092 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-06-02
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37096 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-06-02
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37102 | HIGH | CVSS 7.2 | EG 7.2 | 2025-07-08
An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary com…
- CVE-2025-37133 | HIGH | CVSS 7.2 | EG 7.2 | 2025-10-14
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a p…
- CVE-2025-37134 | HIGH | CVSS 7.2 | EG 7.2 | 2025-10-14
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a p…
- CVE-2025-37138 | MEDIUM | CVSS 6.2 | EG 6.2 | 2025-10-14
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardwar…
- CVE-2025-37146 | HIGH | CVSS 7.2 | EG 7.2 | 2025-10-14
A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execu…
- CVE-2025-37162 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-11-18
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the unde…
- CVE-2025-37163 | HIGH | CVSS 7.2 | EG 7.2 | 2025-11-18
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands wit…
- CVE-2025-37176 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-13
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authentica…
- CVE-2025-3729 | HIGH | CVSS 7.3 | EG 7.3 | 2025-04-16
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handle…
- CVE-2025-3816 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-04-19
A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. …
- CVE-2025-3983 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-04-27
A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument …
- CVE-2025-3987 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-04-27
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The …
- CVE-2025-4008 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2025-05-21
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an e…
- CVE-2025-4009 | CRITICAL | CVSS 9.3 | EG 0.0 | 2025-05-28
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product feat…
- CVE-2025-4010 | HIGH | CVSS 8.6 | EG 0.0 | 2025-06-02
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote aut…
- CVE-2025-4032 | MEDIUM | CVSS 5.0 | EG 5.0 | 2025-04-28
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtual_environments/t…
- CVE-2025-4076 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-04-29
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the ar…