CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,567 vulnerabilities with CWE-77
CVE-2024-51254
HIGH
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via sign_cacertificate Function
CVSS 8.8
CVE-2024-48214
HIGH
KERUI HD 3MP 1080P Tuya Camera 1.0.4 - Command Injection
CVSS 8.4
CVE-2024-51258
HIGH
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi doSSLTunnel
CVSS 8.8
CVE-2024-51301
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi packet_monitor
CVSS 8.8
CVE-2024-51300
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi get_rrd Function
CVSS 8.8
CVE-2024-51299
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi dumpSyslog
CVSS 8.8
CVE-2024-51296
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi pingtrace
CVSS 8.8
CVE-2024-51257
HIGH
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi doCertificate
CVSS 8.8
CVE-2024-51304
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi ldap_search_dn
CVSS 8.8
CVE-2024-41153
HIGH
Hitachi Energy TRO600 Series Firmware 9.1.0.0-9.2.0.5 - Authenticated OS Command Injection via Edge Computing UI
CVSS 7.2
CVE-2024-10435
MEDIUM
didi Super-Jacoco 1.0 - Command Injection
CVSS 6.3
CVE-2024-10429
HIGH
WAVLINK WN530H4, WN530HG4, WN572HG3 <= 20221028 - Command Injection
CVSS 7.2
CVE-2024-10428
HIGH
WAVLINK WN530H4, WN530HG4, and WN572HG3 up to 20221028 - Command Injection via dhcpGateway Argument in firewall.cgi
CVSS 7.2
CVE-2024-48145
CRITICAL
ChatNet AI v1.0 - Prompt Injection via Crafted Message
CVSS 9.1
CVE-2024-48144
CRITICAL
Fusion Chat Chat AI Assistant Ask Me Anything <1.2.4.0 - Info Discl...
CVSS 9.1
CVE-2024-48142
HIGH
Monica ChatGPT AI Assistant <2.4.0 - Code Injection
CVSS 7.5
CVE-2024-48141
HIGH
Zhipu AI CodeGeeX <2.17.0 - Info Disclosure
CVSS 7.5
CVE-2024-48140
HIGH
Monica Your AI Copilot <6.3.0 - Code Injection
CVSS 7.5
CVE-2024-48139
HIGH
Blackbox AI <1.3.95 - Info Disclosure
CVSS 7.5
CVE-2024-48441
HIGH
Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router <Commo...
CVSS 8.8
CVE-2024-48440
HIGH
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router - Comm...
CVSS 8.8
CVE-2024-48904
CRITICAL
Trend Micro Cloud Edge 5.6-5.6.3228 - Unauthenticated Remote Code Execution via Command Injection
CVSS 9.8
CVE-2024-9287
HIGH
CPython < 3.9.21 - Command Injection via Unquoted Path in venv Module
CVSS 7.8
CVE-2024-40089
CRITICAL
Vilo 5 Mesh WiFi System <= 5.16.1.33 - Command Injection
CVSS 9.1
CVE-2024-35285
CRITICAL
Mitel MiCollab < 9.8.0.33 - Unauthenticated Command Injection via NuPoint Messenger Parameter
CVSS 9.8
Details
Vulnerabilities
3,567
Exploit Likelihood
High