CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,567 vulnerabilities with CWE-77
CVE-2024-48015
MEDIUM
Dell SmartFabric OS10 10.5.4.0-10.5.4.13, 10.5.5.x, 10.5.6.x, 10.6.0.x - Authenticated Command Injection
CVSS 6.7
CVE-2024-48830
HIGH
Dell SmartFabric OS10 10.5.4.0-10.5.4.13, 10.5.5.x, 10.5.6.x, 10.6.0.x - Authenticated Command Injection
CVSS 7.8
CVE-2024-12992
CRITICAL
Pandora FMS 700-777.6 - OS Command Injection
CVSS 9.8
CVE-2024-12971
HIGH
Pandora FMS authenticated command injection leading to RCE via chromium_path or phantomjs_bin
CVSS 8.8
CVE-2024-46662
HIGH
FortiManager 7.4.1-7.4.3 and FortiManager Cloud 7.4.1-7.4.3 - Command Injection via Crafted Packets
CVSS 8.8
CVE-2024-8402
LOW
GitLab EE <17.7.7-<17.9.2 - Code Injection
CVSS 3.7
CVE-2024-27763
MEDIUM
XPixelGroup BasicSR <=1.4.2 - Code Injection
CVSS 5.3
CVE-2024-13871
HIGH
Bitdefender Box 1 Firmware 1.3.11.490 - Unauthenticated Command Injection via /check_image_and_trigger_recovery Endpoint
CVSS 8.8
CVE-2024-53700
HIGH
QNAP QuRouter - Command Injection
CVSS 7.2
CVE-2024-53692
MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 4.7
CVE-2024-57685
MEDIUM
sparkshop < 1.1.7 - Remote Code Execution via Crafted PHAR File
CVSS 5.3
CVE-2024-57608
MEDIUM
Via Browser 6.1.0 - Remote Code Execution via mark.via.Shell Component
CVSS 6.5
CVE-2024-12251
HIGH
Telerik UI for WinUI 2.0.0-2.0.0 - Command Injection via Hyperlink Element
CVSS 7.8
CVE-2024-33469
HIGH
Team Amaze Amaze File Manager <3.10 - RCE
CVSS 7.9
CVE-2024-55062
CRITICAL
EasyVirt CO2Scope < 1.3.0 and DCScope < 8.6.0 - Unauthenticated Remote Code Execution via License API
CVSS 9.8
CVE-2024-23971
HIGH
ChargePoint Home Flex Firmware - Unauthenticated Remote Code Execution via OCPP Message Handling
CVSS 8.8
CVE-2024-53615
MEDIUM
files.photo.gallery 0.3.0-0.11.0 - Remote Code Execution via Video Thumbnail Rendering
CVSS 6.5
CVE-2024-48841
CRITICAL
FLXEON <9.3.4 - Privilege Escalation
CVSS 10.0
CVE-2024-48419
HIGH
Edimax BR-6476AC 1.06 Authenticated Command Injection via tracerouteDiagnosis
CVSS 8.8
CVE-2024-57590
CRITICAL
TRENDnet TEW-632BRP v1.010B31 - OS Command Injection via NTP Server Parameter
CVSS 9.8
CVE-2024-52325
CRITICAL
ECOVACS Robot Lawnmowers and Vacuums - Unauthenticated Command Injection via SetNetPin()
CVSS 9.6
CVE-2024-57539
HIGH
Linksys E8450 v1.2.00.360516 - OS Command Injection via userEmail Parameter
CVSS 8.2
CVE-2024-57536
HIGH
Linksys E8450 v1.2.00.360516 - Command Injection via wizard_status
CVSS 8.0
CVE-2024-54794
CRITICAL
SpagoBI 3.5.1 - Remote Code Execution via Script Input Feature
CVSS 9.1
CVE-2024-57036
HIGH
TOTOLINK A810R V4.1.2cu.5032_B20200407 - Command Injection
CVSS 8.1
Details
Vulnerabilities: 3,567
Exploit Likelihood: High