CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,554 vulnerabilities with CWE-77
CVE-2026-1624 MEDIUM
D-Link DWR-M961 1.1.47 - Command Injection
CVSS 6.3
CVE-2026-1623 MEDIUM
Totolink A7000R 4.1cu.4154 - Remote Code Execution via setUpgradeFW FileName Parameter
CVSS 6.3
CVE-2026-1601 MEDIUM
Totolink A7000R 4.1cu.4154 - Remote Command Injection via setUploadUserData FileName Parameter
CVSS 6.3
CVE-2026-1596 MEDIUM
D-Link DWR-M961 1.1.47 - Command Injection via fota_url Parameter
CVSS 6.3
CVE-2026-1548 MEDIUM
Totolink A7000R 4.1cu.4154 - Remote Command Injection via CloudACMunualUpdateUserdata URL Parameter
CVSS 6.3
CVE-2026-1547 MEDIUM
Totolink A7000R 4.1cu.4154 - Remote Command Injection via setUnloadUserData plugin_name Parameter
CVSS 6.3
CVE-2026-1544 MEDIUM
D-Link DIR-823X 250416 - OS Command Injection via lan_gateway Parameter
CVSS 6.3
CVE-2026-24685 HIGH
OpenProject < 16.6.6 - Arbitrary File Write via Repository Diff Download Endpoint
CVSS 8.8
CVE-2026-1506 HIGH
D-Link DIR-615 4.10 - OS Command Injection via MAC Filter Configuration
CVSS 7.2
CVE-2026-1505 HIGH
D-Link DIR-615 4.10 - OS Command Injection via URL Filter Component
CVSS 7.2
CVE-2026-1448 HIGH
D-Link DIR-615 Firmware < 4.10 - OS Command Injection via ipaddr Parameter
CVSS 7.2
CVE-2026-1419 MEDIUM
D-Link DCS-700L Firmware 1.03.09 - OS Command Injection via LightSensorControl Parameter
CVSS 4.7
CVE-2026-1414 MEDIUM
Sangfor O&M Security Management System <= 3.0.12 - OS Command Injection
CVSS 6.3
CVE-2026-1413 MEDIUM
Sangfor O&M Security Management System <= 3.0.12 - Remote Command Injection
CVSS 6.3
CVE-2026-1412 HIGH
Sangfor O&M Security Management System <= 3.0.12 - Remote Command Injection
CVSS 7.3
CVE-2026-0779 HIGH
ALGO 8180 IP Audio Alerter - Command Injection
CVSS 8.8
CVE-2026-24132 CRITICAL
Orval <7.19.0 and 8.0.0-rc.0-8.0.2 - Code Injection
CVSS 9.8
CVE-2026-21520 HIGH
Microsoft Copilot Studio - Unauthenticated Exposure of Sensitive Information
CVSS 7.5
CVE-2026-1327 MEDIUM
Totolink NR1800X 9.1.0u.6279_B20210910 - OS Command Injection via setTracerouteCfg POST Parameter
CVSS 6.3
CVE-2026-1326 MEDIUM
Totolink NR1800X 9.1.0u.6279_B20210910 - OS Command Injection via Hostname Parameter in setWanCfg
CVSS 6.3
CVE-2026-1324 HIGH
Sangfor O&M Security Management System <= 3.0.12 - OS Command Injection
CVSS 8.8
CVE-2026-23947 CRITICAL
Orval < 7.19.0 and 8.0.0-rc.0-8.0.2 - Remote Code Execution via x-enumDescriptions Field
CVSS 9.8
CVE-2026-1192 HIGH
Tosei Online Store Management System 1.01 - Command Injection
CVSS 7.3
CVE-2026-1150 MEDIUM
Totolink LR350 9.3.5u.6369_B20220309 - Command Injection via setTracerouteCfg POST Parameter
CVSS 6.3
CVE-2026-1149 MEDIUM
Totolink LR350 9.3.5u.6369_B20220309 - OS Command Injection via setDiagnosisCfg ip Parameter
CVSS 6.3