CWE-77: Command Injection — known CVE vulnerabilities
CVEs classified under CWE-77 (Command Injection), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-23652 — CVSS 10.0 (critical): Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized…
CVE-2025-59818 — CVSS 10.0 (critical): This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded…
CVE-2025-64093 — CVSS 10.0 (critical): Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
CVE-2025-61492 — CVSS 10.0 (critical): A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary…
CVE-2024-48841 — CVSS 10.0 (critical): Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.
CVE-2024-39761 — CVSS 10.0 (critical): Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A…
CVE-2024-39760 — CVSS 10.0 (critical): Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A…
CVE-2024-39759 — CVSS 10.0 (critical): Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A…
CVE-2024-34166 — CVSS 10.0 (critical): An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505…
CVE-2024-20418 — CVSS 10.0 (critical): A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless…
CVE-2024-45066 — CVSS 10.0 (critical): A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
CVE-2024-43693 — CVSS 10.0 (critical): A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary…
CVE-2024-29895 — CVSS 10.0 (critical): Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows…
CVE-2024-32766 — CVSS 10.0 (critical): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2024-28354 — CVSS 10.0 (critical): There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands…
CVE-2021-26729 — CVSS 10.0 (critical): Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an…
CVE-2021-26728 — CVSS 10.0 (critical): Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to…
CVE-2021-26727 — CVSS 10.0 (critical): Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow…
CVE-2022-21941 — CVSS 10.0 (critical): All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root…
CVE-2021-45630 — CVSS 10.0 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-27447 — CVSS 10.0 (critical): Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.
CVE-2017-7876 — CVSS 10.0 (critical): This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already…
CVE-2017-7722 — CVSS 10.0 (critical): In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and…
CVE-2015-7541 — CVSS 10.0 (critical): The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows…
CVE-2015-5082 — CVSS 10.0 (critical): Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2)…
CVE-2015-6912 — CVSS 10.0 (critical): Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the…
CVE-2015-1986 — CVSS 10.0 (critical): The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified…
CVE-2015-1949 — CVSS 10.0 (critical): The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM…
CVE-2015-1938 — CVSS 10.0 (critical): The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified…
CVE-2015-3408 — CVSS 10.0 (critical): Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not…
CVE-2015-1815 — CVSS 10.0 (critical): The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary…
CVE-2014-9682 — CVSS 10.0 (critical): The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in…
CVE-2014-1905 — CVSS 10.0 (critical): Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for…
CVE-2014-9188 — CVSS 10.0 (critical): Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute…
CVE-2013-2810 — CVSS 10.0 (critical): Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with…
CVE-2026-52806 — CVSS 9.9 (critical): Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on…
CVE-2026-45663 — CVSS 9.9 (critical): Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the…
CVE-2026-20186 — CVSS 9.9 (critical): A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the…
CVE-2026-20147 — CVSS 9.9 (critical): A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the…
CVE-2016-15057 — CVSS 9.9 (critical): ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache…
CVE-2026-22688 — CVSS 9.9 (critical): WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a…
CVE-2025-58428 — CVSS 9.9 (critical): The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability…
CVE-2025-34267 — CVSS 9.9 (critical): Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability…
CVE-2025-22630 — CVSS 9.9 (critical): Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Marketing Fire Widget Options…
CVE-2024-9264 — CVSS 9.9 (critical): The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are…
CVE-2024-20432 — CVSS 9.9 (critical): A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged…
CVE-2024-21663 — CVSS 9.9 (critical): Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server…