CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,332 vulnerabilities with CWE-77
CVE-2026-32183
HIGH
Windows Snipping Tool Remote Code Execution Vulnerability
CVSS 7.8
CVE-2026-23653
MEDIUM
GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
CVSS 5.7
CVE-2026-4786
HIGH
Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
CVE-2026-6219
MEDIUM
aandrew-me ytDownloader Compressor Feature compressor.js child_process.exec command injection
CVSS 5.3
CVE-2026-6195
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection
CVSS 9.8
CVE-2026-6158
HIGH
Totolink N300RH upgrade.so setUpgradeUboot os command injection
CVSS 7.3
CVE-2026-6156
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection
CVSS 9.8
CVE-2026-6155
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection
CVSS 9.8
CVE-2026-6154
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection
CVSS 9.8
CVE-2026-6141
MEDIUM
danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
CVSS 6.3
CVE-2026-6140
CRITICAL
Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection
CVSS 9.8
CVE-2026-6139
CRITICAL
Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection
CVSS 9.8
CVE-2026-6138
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection
CVSS 9.8
CVE-2026-6132
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection
CVSS 9.8
CVE-2026-6131
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection
CVSS 9.8
CVE-2026-6130
HIGH
chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection
CVSS 7.3
CVE-2026-6118
MEDIUM
AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection
CVSS 6.3
CVE-2026-6116
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection
CVSS 9.8
CVE-2026-6115
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection
CVSS 9.8
CVE-2026-6114
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection
CVSS 9.8
CVE-2026-6113
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection
CVSS 9.8
CVE-2026-6112
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection
CVSS 9.8
CVE-2026-6108
MEDIUM
1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection
CVSS 6.3
CVE-2026-6029
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
CVSS 9.8
CVE-2026-6028
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
Details
Vulnerabilities
3,332
Exploit Likelihood
High