CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,331 vulnerabilities with CWE-77
CVE-2026-6799
MEDIUM
Comfast CF-N1-S Endpoint mbox-config command injection
CVSS 6.3
CVE-2026-38835
CRITICAL
Tenda W30E V2.0 V16.01.0.21 - Command Injection
CVSS 9.8
CVE-2026-38834
HIGH
Tenda W30E V2.0 V16.01.0.21 - Command Injection
CVSS 7.3
CVE-2026-39866
HIGH
Lawnchair vulnerable to Command Injection via unquoted workflow dispatch input in release_update.yml
CVSS 8.8
CVE-2026-4048
HIGH
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
CVSS 8.4
CVE-2026-3519
HIGH
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
CVSS 8.4
CVE-2026-3518
HIGH
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
CVSS 8.4
CVE-2026-3517
HIGH
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
CVSS 8.4
CVE-2026-6576
MEDIUM
liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection
CVSS 6.3
CVE-2026-30898
HIGH
Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf
CVSS 8.8
CVE-2026-35682
HIGH
Anviz CX2 Lite Command Injection
CVSS 8.8
CVE-2026-21709
MEDIUM
Veeam Backup and Replication <12.3.2 - Auth Bypass
CVSS 6.7
CVE-2026-41153
MEDIUM
JetBrains Junie <252.549.29 - Command Injection
CVSS 5.8
CVE-2026-6483
HIGH
Wavlink WL-WN530H4 internet.cgi snprintf os command injection
CVSS 7.2
CVE-2026-23779
MEDIUM
Dell PowerProtect Data Domain < 8.6.0.0 or later - Command Injection
CVSS 6.7
CVE-2026-23778
HIGH
Dell PowerProtect Data Domain < 8.6.0.0 or later - Command Injection
CVSS 7.2
CVE-2026-20186
CRITICAL
Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability
CVSS 9.9
CVE-2026-20147
CRITICAL
Cisco Identity Services Engine Remote Code Execution Vulnerability
CVSS 9.9
CVE-2026-30625
CRITICAL
Upsonic 0.71.6 - RCE
CVSS 9.8
CVE-2026-30624
HIGH
Agent Zero 0.9.8 - RCE
CVSS 8.6
CVE-2026-30617
HIGH
LangChain-ChatChat 0.3.1 - RCE
CVSS 8.6
CVE-2026-30616
HIGH
Jaaz 1.0.30 - RCE
CVSS 7.3
CVE-2026-30615
HIGH
Windsurf 1.9544.26 - Command Injection
CVSS 8.0
CVE-2026-30461
HIGH
FuelCMS 1.5.2 - Authenticated RCE
CVSS 8.3
CVE-2026-32183
HIGH
Windows Snipping Tool Remote Code Execution Vulnerability
CVSS 7.8
Details
Vulnerabilities
3,331
Exploit Likelihood
High