CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-20432 CRITICAL
Cisco Nexus Dashboard Fabric Controller - Command Injection
CVSS 9.9
CVE-2024-20365 MEDIUM
Cisco Unified Computing System - Authenticated Command Injection via Redfish API
CVSS 6.5
CVE-2024-46084 HIGH
Scriptcase < 9.10.023 - Remote Code Execution via nm_unzip Function
CVSS 8.0
CVE-2024-44610 MEDIUM
PCAN-Ethernet Gateway <2.11.0 - Command Injection
CVSS 5.6
CVE-2024-9145 HIGH
Wiz Code <1.5.3 - Local Command Injection
CVE-2024-46256 CRITICAL
NginxProxyManager 2.11.3 - Remote Code Execution via Let's Encrypt Certificate Request
CVSS 9.8
CVE-2024-45989 MEDIUM
Monica AI Assistant desktop app <2.3.0 - Info Disclosure
CVSS 4.0
CVE-2024-39577 HIGH
Dell SmartFabric OS10 10.5.3.0-10.5.3.11 - Authenticated Remote Code Execution
CVSS 7.1
CVE-2024-8405 MEDIUM
PaperCut NG/MF - Windows Web Print DoS
CVSS 6.1
CVE-2024-7679 HIGH
Telerik UI for WPF < 2024.3.924 - Command Injection via Hyperlink Element
CVSS 7.8
CVE-2024-7575 HIGH
Telerik UI for WPF < 2024.3.924 - Command Injection via Hyperlink Element
CVSS 7.8
CVE-2024-45066 CRITICAL
ProGauge MAGLINK LX CONSOLE - Command Injection
CVSS 10.0
CVE-2024-43693 CRITICAL
Dover ProGauge MAGLINK LX <3.4.2.2.6 & LX4 <4.17.9e OS Command Injection
CVSS 10.0
CVE-2024-42507 CRITICAL
Aruba OS <= 10.6.0.2, <= 10.4.1.13, <= 8.10.0.13, <= 8.12.0.1 - Unauthenticated Remote Code Execution via PAPI UDP Port
CVSS 9.8
CVE-2024-42506 CRITICAL
Aruba OS <= 10.6.0.2, <= 10.4.1.13, <= 8.10.0.13, <= 8.12.0.1 - Unauthenticated Remote Code Execution via PAPI UDP Port
CVSS 9.8
CVE-2024-42505 CRITICAL
Aruba OS <= 10.6.0.2, <= 10.4.1.13, <= 8.10.0.13, <= 8.12.0.1 - Unauthenticated Remote Code Execution via PAPI UDP Port
CVSS 9.8
CVE-2024-0005 CRITICAL
Purity//FA 5.0.0-5.0.10 and Purity//FB 3.0.0-3.0.8 - Remote Command Execution via SNMP Configuration
CVSS 9.1
CVE-2024-45348 MEDIUM
Xiaomi Router AX9000 - Command Injection
CVSS 6.4
CVE-2024-9076 MEDIUM
dedecms < 5.7.115 - OS Command Injection via article_string_mix.php
CVSS 4.7
CVE-2024-45682 HIGH
Millbeck Proroute H685T-W Firmware - OS Command Injection
CVSS 8.8
CVE-2024-42025 HIGH
UniFi Network Application < 8.4.59 - Authenticated Command Injection via Self-Hosted Server
CVSS 7.8
CVE-2024-46048 CRITICAL
Tenda FH451 v1.0.0.9 - OS Command Injection via formexeCommand Function
CVSS 9.8
CVE-2024-8640 HIGH
GitLab EE <17.1.7-17.3.2 - Command Injection
CVSS 8.5
CVE-2024-45824 CRITICAL
Rockwell FactoryTalk View 12.0-13.0 - RCE via Path Traversal & Command Injection
CVSS 9.8
CVE-2024-44577 HIGH
RELY-PCIe <23.1.0 - Command Injection
CVSS 8.8