CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,553 vulnerabilities with CWE-77
CVE-2026-41153
MEDIUM
JetBrains Junie <252.549.29 - Command Injection
CVSS 5.8
CVE-2026-6483
HIGH
Wavlink WL-WN530H4 internet.cgi snprintf os command injection
CVSS 7.2
CVE-2026-23779
MEDIUM
Dell PowerProtect Data Domain 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.50 - Authenticated Command Injection
CVSS 6.7
CVE-2026-23778
HIGH
Dell PowerProtect Data Domain 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.50 - Authenticated Command Injection
CVSS 7.2
CVE-2026-20186
CRITICAL
Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability
CVSS 9.9
CVE-2026-20147
CRITICAL
Cisco Identity Services Engine Remote Code Execution Vulnerability
CVSS 9.9
CVE-2026-30625
CRITICAL
Upsonic 0.71.6 MCP Tasks - OS Command Injection
CVSS 9.8
CVE-2026-30624
HIGH
Agent Zero 0.9.8 - Remote Code Execution via External MCP Servers Configuration
CVSS 8.6
CVE-2026-30617
HIGH
LangChain-ChatChat 0.3.1 - Remote Code Execution via MCP STDIO Server Configuration
CVSS 8.6
CVE-2026-30616
HIGH
Jaaz 1.0.30 MCP STDIO - Remote Command Execution
CVSS 7.3
CVE-2026-30615
HIGH
Windsurf 1.9544.26 - Command Injection
CVSS 8.0
CVE-2026-30461
HIGH
FuelCMS v1.5.2 - Authenticated Remote Code Execution via Git Submodule Addition
CVSS 8.3
CVE-2026-32183
HIGH
Windows Snipping Tool Remote Code Execution Vulnerability
CVSS 7.8
CVE-2026-23653
MEDIUM
GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
CVSS 5.7
CVE-2026-4786
HIGH
Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
CVE-2026-6219
MEDIUM
aandrew-me ytDownloader Compressor Feature compressor.js child_process.exec command injection
CVSS 5.3
CVE-2026-6195
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection
CVSS 9.8
CVE-2026-6158
HIGH
Totolink N300RH upgrade.so setUpgradeUboot os command injection
CVSS 7.3
CVE-2026-6156
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection
CVSS 9.8
CVE-2026-6155
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection
CVSS 9.8
CVE-2026-6154
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection
CVSS 9.8
CVE-2026-6141
MEDIUM
danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
CVSS 6.3
CVE-2026-6140
CRITICAL
Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection
CVSS 9.8
CVE-2026-6139
CRITICAL
Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection
CVSS 9.8
CVE-2026-6138
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection
CVSS 9.8
Details
Vulnerabilities
3,553
Exploit Likelihood
High