CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,551 vulnerabilities with CWE-77
CVE-2026-12223
MEDIUM
Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection
CVSS 5.5
CVE-2026-12219
MEDIUM
Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection
CVSS 6.3
CVE-2026-12197
HIGH
Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection
CVSS 7.2
CVE-2026-12187
HIGH
GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection
CVSS 8.8
CVE-2026-12186
HIGH
GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection
CVSS 8.8
CVE-2026-42850
HIGH
Kitty has a shell command injection
CVE-2026-46529
HIGH
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
CVE-2026-45558
CRITICAL
Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save
CVSS 9.9
CVE-2026-11572
HIGH
Degit - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 8.8
CVE-2026-11556
HIGH
Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection
CVSS 8.8
CVE-2026-11487
MEDIUM
Neovim View Branch secure.lua M.read command injection
CVSS 5.3
CVE-2026-11455
MEDIUM
FoundationAgents MetaGPT common.py check_cmd_exists command injection
CVSS 5.0
CVE-2026-11452
HIGH
GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection
CVSS 7.3
CVE-2026-11451
HIGH
GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection
CVSS 7.3
CVE-2026-11450
HIGH
GL.iNet GL-MT3000 Path Normalization dlopen command injection
CVSS 7.3
CVE-2026-11449
MEDIUM
GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection
CVSS 6.3
CVE-2026-11448
MEDIUM
GL.iNet GL-MT3000 Minidlna Service rpc realpath command injection
CVSS 4.7
CVE-2026-11447
MEDIUM
GL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injection
CVSS 6.3
CVE-2026-11408
MEDIUM
vertex-app vertex Log Viewer Endpoint LogMod.js os command injection
CVSS 6.3
CVE-2026-11406
MEDIUM
GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection
CVSS 6.3
CVE-2026-11341
MEDIUM
D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection
CVSS 6.3
CVE-2026-11339
MEDIUM
D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
CVSS 6.3
CVE-2026-10878
MEDIUM
D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
CVSS 6.3
CVE-2026-45497
HIGH
Microsoft M365 Copilot Remote Code Execution Vulnerability
CVSS 7.7
CVE-2026-42824
MEDIUM
M365 Copilot Information Disclosure Vulnerability
CVSS 6.5
Details
Vulnerabilities: 3,551
Exploit Likelihood: High