Weaknesses of type CWE-77

2,523 results
CVE-2023-41029HIGHJuplink RX4-1500 Command Injection VulnerabilityEPSS 2.2%CVE-2026-6140CRITICALTotolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injectionEPSS 2.2%CVE-2026-10870HIGHShibby Tomato Web UI rc start_dhcpc os command injectionEPSS 2.2%CVE-2026-10871HIGHShibby Tomato Web UI rc start_6rd_tunnel os command injectionEPSS 2.2%CVE-2025-53355HIGHmcp-server-kubernetes vulnerable to command injection in several toolsEPSS 2.2%CVE-2025-8667MEDIUMSkyworkAI DeepResearchAgent tools.py from_mcp os command injectionEPSS 2.2%CVE-2025-8697MEDIUMagentUniverse MCPSessionManager/MCPTool/MCPToolkit StdioServerParameters os command injectionEPSS 2.2%CVE-2026-1623MEDIUMTotolink A7000R cstecgi.cgi setUpgradeFW command injectionEPSS 2.2%CVE-2026-5101MEDIUMTotolink A3300R Parameter cstecgi.cgi setLanCfg command injectionEPSS 2.2%CVE-2020-2490HIGHIf exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP SysteEPSS 2.2%CVE-2025-0328MEDIUMKaiYuanTong ECT Platform HTTP POST Request runCode.php command injectionEPSS 2.2%CVE-2026-6132CRITICALTotolink A7100RU CGI cstecgi.cgi setLedCfg os command injectionEPSS 2.2%CVE-2026-34243CRITICALwenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`EPSS 2.2%CVE-2025-57285CRITICALcodeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatEPSS 2.2%CVE-2026-5102MEDIUMTotolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injectionEPSS 2.2%CVE-2025-52284MEDIUMTotolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parametEPSS 2.2%CVE-2023-29803CRITICALTOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN EPSS 2.2%CVE-2026-38835CRITICALTenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartEPSS 2.1%CVE-2024-45505HIGHApache HertzBeat: Exists Native Deser RCE and file writing vulnerabilitiesEPSS 2.1%CVE-2021-4304MEDIUMeprintsug ulcc-core toolbox command injectionEPSS 2.1%