CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,553 vulnerabilities with CWE-77
CVE-2026-5178
MEDIUM
Totolink A3300R cstecgi.cgi setIptvCfg command injection
CVSS 6.3
CVE-2026-5177
MEDIUM
Totolink A3300R cstecgi.cgi setWiFiBasicCfg command injection
CVSS 6.3
CVE-2026-5176
HIGH
Totolink A3300R cstecgi.cgi setSyslogCfg command injection
CVSS 7.3
CVE-2026-5153
MEDIUM
Tenda CH22 WriteFacMac FormWriteFacMac command injection
CVSS 6.3
CVE-2026-5125
MEDIUM
raine consult-llm-mcp server.ts child_process.execSync os command injection
CVSS 5.3
CVE-2026-5105
MEDIUM
Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injection
CVSS 6.3
CVE-2026-5104
MEDIUM
Totolink A3300R cstecgi.cgi setStaticRoute command injection
CVSS 6.3
CVE-2026-5103
MEDIUM
Totolink A3300R cstecgi.cgi setUPnPCfg command injection
CVSS 6.3
CVE-2026-5102
MEDIUM
Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection
CVSS 6.3
CVE-2026-5101
MEDIUM
Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection
CVSS 6.3
CVE-2026-5041
MEDIUM
code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection
CVSS 4.7
CVE-2026-5030
MEDIUM
Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection
CVSS 6.3
CVE-2026-5023
MEDIUM
DeDeveloper23 codebase-mcp RepoMix codebase.ts saveCodebase os command injection
CVSS 5.3
CVE-2026-5020
MEDIUM
Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection
CVSS 6.3
CVE-2026-5012
HIGH
elecV2 elecV2P rpc pm2run os command injection
CVSS 7.3
CVE-2026-5007
MEDIUM
kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection
CVSS 5.3
CVE-2026-32241
HIGH
Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
CVSS 7.5
CVE-2026-4840
HIGH
Netcore Power 15AX Diagnostic Tool netis.cgi setTools os command injection
CVSS 8.8
CVE-2026-4627
HIGH
D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection
CVSS 7.2
CVE-2026-4611
HIGH
TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826 - Command Injection
CVSS 7.2
CVE-2026-4591
MEDIUM
kalcaddle kodbox fileThumb Endpoint app.php checkBin os command injection
CVSS 4.7
CVE-2026-4585
CRITICAL
Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command injection
CVSS 9.8
CVE-2026-4558
HIGH
Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection
CVSS 8.8
CVE-2026-4554
MEDIUM
Tenda F453 WriteFacMac FormWriteFacMac privilege escalation
CVSS 6.3
CVE-2026-4543
MEDIUM
Wavlink WL-WN578W2 POST Request firewall.cgi command injection
CVSS 6.3
Details
Vulnerabilities
3,553
Exploit Likelihood
High