CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-32314 LOW
Tenda AC500 V2.0.1.9 - Command Injection
CVSS 3.8
CVE-2024-32292 HIGH
Tenda W30E v1.0 V1.0.1.25(633) - OS Command Injection via cmdinput Parameter
CVSS 8.8
CVE-2024-32283 HIGH
Tenda FH1203 V2.0.1.6 - Command Injection
CVSS 7.3
CVE-2024-32282 MEDIUM
Tenda FH1202 v1.2.0.14 - Command Injection
CVSS 6.3
CVE-2024-32281 HIGH
Tenda AC7V1.0 v15.03.06.44 - OS Command Injection via cmdinput Parameter
CVSS 8.8
CVE-2024-3908 MEDIUM
Tenda AC500 2.0.1.9(1307) - OS Command Injection via formWriteFacMac mac Parameter
CVSS 6.3
CVE-2024-21117 MEDIUM
Oracle Outside In Technology 8.5.6 and 8.5.7 - Authenticated Command Injection in Outside In Core
CVSS 5.3
CVE-2024-32027 CRITICAL
Kohya_ss <23.1.5 - Command Injection
CVSS 9.1
CVE-2024-32026 CRITICAL
kohya_ss 22.6.1-23.1.5 - Command Injection in git_caption_gui.py
CVSS 9.1
CVE-2024-32025 CRITICAL
Kohya_ss <23.1.5 - Command Injection
CVSS 9.1
CVE-2024-32022 CRITICAL
kohya_ss 22.6.1-23.1.15 - Command Injection in basic_caption_gui.py
CVSS 9.1
CVE-2024-3871 CRITICAL
Delta Electronics DVW-W02W2-E2 <2.5.2 - RCE
CVSS 9.8
CVE-2024-3271 CRITICAL
llamaindex 0.10.6-0.10.25 - Remote Code Execution via safe_eval Underscore Bypass
CVSS 9.8
CVE-2024-30220 HIGH
PLANEX COMMUNICATIONS - Command Injection
CVSS 8.8
CVE-2024-3400 CRITICAL KEV
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
CVSS 10.0
CVE-2024-29269 HIGH
Telesquare TLR-2005KSH - Remote Command Execution
CVSS 8.8
CVE-2024-3566 CRITICAL
Windows - Command Injection
CVSS 9.8
CVE-2024-21322 HIGH
Microsoft Defender for IoT < 24.1.3 - Remote Code Execution
CVSS 7.2
CVE-2024-31811 HIGH
TOTOLINK EX200 V4.0.3c.7646_B20201211 - Remote Code Execution via setLanguageCfg langType Parameter
CVSS 8.0
CVE-2024-30891 HIGH
Tenda AC18 v15.03.05.05 - OS Command Injection via cmdinput Parameter
CVSS 8.8
CVE-2024-27981 CRITICAL
Self-Hosted UniFi Network Servers <8.0.28 - Command Injection
CVSS 9.8
CVE-2024-3116 HIGH
pgAdmin4 <= 8.4 - Remote Code Execution via Validate Binary Path API
CVSS 7.4
CVE-2024-3273 HIGH KEV
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L - OS Command Injection via nas_sharing.cgi System Parameter
CVSS 7.3
CVE-2024-30572 HIGH
Netgear R6850 1.1.0.88 - OS Command Injection via ntp_server Parameter
CVSS 8.0
CVE-2024-22246 HIGH
VMware SD-WAN Edge - Command Injection
CVSS 7.4