CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,552 vulnerabilities with CWE-77
CVE-2026-8753
MEDIUM
kalcaddle Kodbox fileThumb Plugin VideoResize.class.php parseVideoInfo command injection
CVSS 6.3
CVE-2026-46508
HIGH
Turborepo: VSCode Extension command injection
CVSS 7.8
CVE-2026-39054
HIGH
Oinone Pamirs 7.0.0 - Command Injection
CVSS 7.3
CVE-2026-24712
HIGH
CFEngine <3.21.8, <3.24.3, <3.27.0 - Command Injection
CVSS 7.3
CVE-2026-41953
HIGH
F5 BIG-IP 16.1.0-17.1.3.1/17.5.0-17.5.1.5/21.0.0-21.0.0.1/>=21.1.0 Privilege Escalation via Config Modification
CVSS 8.7
CVE-2026-40698
HIGH
F5 BIG-IP and BIG-IQ - Authenticated Privilege Escalation via SNMP Configuration Object Creation
CVSS 8.7
CVE-2026-40061
HIGH
BIG-IP 21.1.0-21.0.0.1 Authenticated Command Injection via iControl REST
CVSS 8.7
CVE-2026-36741
HIGH
U-SPEED AC1200 T18-21K V1.0 - Command Injection
CVSS 7.2
CVE-2026-44871
HIGH
HPE Aruba AOS-8 and AOS-10 - PAPI CLI Command Injection
CVSS 7.2
CVE-2026-44257
CRITICAL
efw4.X: RCE via zipslip
CVE-2026-44872
HIGH
Hewlett Packard Enterprise (hpe) Hpe Aruba Networking Wireless Operating System (aos) < 8.13.1.1 - Command Injection
CVSS 7.2
CVE-2026-44870
HIGH
HPE Aruba AOS-8 and AOS-10 - PAPI CLI Command Injection
CVSS 7.2
CVE-2026-44869
HIGH
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10
CVSS 7.2
CVE-2026-44868
HIGH
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10
CVSS 7.2
CVE-2026-44867
HIGH
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10
CVSS 7.2
CVE-2026-44866
HIGH
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10
CVSS 7.2
CVE-2026-44865
HIGH
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10
CVSS 7.2
CVE-2026-44854
HIGH
Hewlett Packard Enterprise (hpe) Hpe Aruba Networking Wireless Operating System (aos) < 8.13.1.1 - Remote Code Execution
CVSS 7.2
CVE-2026-44853
HIGH
Hewlett Packard Enterprise (hpe) Hpe Aruba Networking Wireless Operating System (aos) < 8.13.1.1 - Remote Code Execution
CVSS 7.2
CVE-2026-8431
HIGH
Ops Manager RCE via webhook body
CVSS 7.2
CVE-2026-23823
HIGH
ArubaOS (AOS) 10.7.0.0-10.7.2.1 and 10.8.0.0 - Authenticated Command Injection via Command Line Interface
CVSS 7.2
CVE-2026-42893
HIGH
Microsoft Outlook for iOS Tampering Vulnerability
CVSS 7.4
CVE-2026-41611
HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVSS 7.8
CVE-2026-43990
HIGH
JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper
CVSS 8.4
CVE-2026-40135
MEDIUM
OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVSS 6.5
Details
Vulnerabilities
3,552
Exploit Likelihood
High