CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,553 vulnerabilities with CWE-77
CVE-2026-2823
MEDIUM
Comfast CF-E7 2.6.0.9 - Command Injection
CVSS 6.3
CVE-2026-27001
HIGH
OpenClaw <2026.2.15 - Command Injection
CVSS 7.8
CVE-2026-2686
CRITICAL
SECCN Dingcheng G10 3.1.0.181203 - Command Injection
CVSS 9.8
CVE-2026-2670
HIGH
Advantech WISE-6610 1.2.1 - Command Injection
CVSS 7.2
CVE-2026-2629
HIGH
jishi node-sonos-http-api - Command Injection
CVSS 7.3
CVE-2026-22284
MEDIUM
Dell SmartFabric OS10 <10.5.6.12 - Command Injection
CVSS 6.6
CVE-2026-2615
HIGH
Wavlink WL-NU516U1 <20251208 - Command Injection
CVSS 7.2
CVE-2026-2560
MEDIUM
kalcaddle kodbox <1.64.05 - Command Injection
CVSS 6.3
CVE-2026-2548
MEDIUM
WAYOS FBM-220G 24.10.19 - Command Injection
CVSS 6.3
CVE-2026-2544
HIGH
yued-fe LuLu UI <3.0.0 - Command Injection
CVSS 7.3
CVE-2026-2537
MEDIUM
Comfast CF-E4 2.6.0.1 - Command Injection
CVSS 4.7
CVE-2026-2535
MEDIUM
Comfast CF-N1 V2 2.6.0.2 - Command Injection
CVSS 6.3
CVE-2026-2534
MEDIUM
Comfast CF-N1 V2 2.6.0.2 - Command Injection
CVSS 6.3
CVE-2026-2533
HIGH
Tosei Self-service Washing Machine 4.02 - Command Injection
CVSS 7.3
CVE-2026-2530
MEDIUM
Wavlink WL-WN579A3 <20210219 - Command Injection
CVSS 6.3
CVE-2026-2529
MEDIUM
Wavlink WL-WN579A3 <20210219 - Command Injection
CVSS 6.3
CVE-2026-2528
MEDIUM
Wavlink WL-WN579A3 <20210219 - Command Injection
CVSS 6.3
CVE-2026-2527
MEDIUM
Wavlink WL-WN579A3 <20210219 - Command Injection
CVSS 6.3
CVE-2026-2526
MEDIUM
Wavlink WL-WN579A3 <20210219 - Command Injection
CVSS 6.3
CVE-2026-26068
CRITICAL
emp3r0r <3.21.1 - Command Injection, Remote Code Execution
CVSS 9.9
CVE-2026-20675
MEDIUM
iPadOS < 18.7.5 - Out-of-bounds Read via Maliciously Crafted Image
CVSS 5.5
CVE-2026-20671
LOW
Apple watchOS <26.3 - Info Disclosure
CVSS 3.1
CVE-2026-21522
MEDIUM
Microsoft Confcom < 1.2.8 - Authenticated Command Injection
CVSS 6.7
CVE-2026-21518
HIGH
Visual Studio Code < 1.109.2 and 1.110.1 - Command Injection via GitHub Copilot Chat Extension
CVSS 8.8
CVE-2026-21516
HIGH
GitHub Copilot < 1.5.63 - Unauthenticated Remote Code Execution
CVSS 8.8
Details
Vulnerabilities
3,553
Exploit Likelihood
High