CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,567 vulnerabilities with CWE-77
CVE-2024-25951
HIGH
Dell iDRAC8 < 2.85.85.85 - Authenticated OS Command Injection via Local RACADM
CVSS 8.0
CVE-2024-23247
HIGH
macOS 12.0-12.7.3, 13.0-13.6.4, 14.0-14.3 - Remote Code Execution via File Processing
CVSS 7.8
CVE-2024-0817
HIGH
PaddlePaddle <2.6.0 - Command Injection
CVSS 7.8
CVE-2024-25613
HIGH
ArubaOS 8.10.0.0-8.10.0.9 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2024-25612
HIGH
ArubaOS 8.10.0.0-8.10.0.9 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2024-25611
HIGH
ArubaOS 8.10.0.0-8.10.0.9 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2024-1356
HIGH
ArubaOS 8.10.0.0-8.10.0.8 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2024-26298
HIGH
ClearPass Policy Manager 6.9.0-6.9.12 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2024-26297
HIGH
ClearPass Policy Manager 6.9.0-6.9.12 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2024-26296
HIGH
ClearPass Policy Manager 6.9.0-6.9.12 - Authenticated Remote Command Execution
CVSS 7.2
CVE-2024-26295
HIGH
ClearPass Policy Manager 6.9.0-6.9.12 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2024-26294
HIGH
ClearPass Policy Manager 6.9.0-6.9.12 - Authenticated Remote Command Execution
CVSS 7.2
CVE-2024-22544
HIGH
Linksys E1700 Firmware 1.0.04 - Authenticated Remote Code Execution via setDateTime Function
CVSS 8.0
CVE-2024-25082
MEDIUM
FontForge <20230101 - Command Injection
CVSS 6.5
CVE-2024-25081
MEDIUM
FontForge <20230101 - Command Injection
CVSS 4.2
CVE-2024-1781
MEDIUM
Totolink X6000R AX3000 9.4.0cu.852_20230719 - Command Injection via setWizardCfg Function
CVSS 6.3
CVE-2024-25850
CRITICAL
Netis WF2780 v2.1.40144 - OS Command Injection via wps_ap_ssid5g Parameter
CVSS 9.8
CVE-2024-23346
CRITICAL
pymatgen < 2024.2.20 - Remote Code Execution via JonesFaithfulTransformation.from_transformation_str()
CVSS 9.3
CVE-2024-24377
CRITICAL
idocview < 14.1.3_20231228 - Remote Code Execution via Crafted Script
CVSS 9.8
CVE-2024-24301
HIGH
4ipnet EAP-767 Firmware 3.42.00 - Authenticated Command Injection
CVSS 8.8
CVE-2024-22093
HIGH
F5 BIG-IP 15.1.0-15.1.8 and BIG-IQ 8.0.0-8.2.0 - Authenticated Remote Command Injection via iControl REST Endpoint
CVSS 8.7
CVE-2024-1378
CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Nomad SMTP Template
CVSS 9.1
CVE-2024-1374
CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Nomad Templates
CVSS 9.1
CVE-2024-1372
CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via SAML Settings
CVSS 9.1
CVE-2024-1369
CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Management Console Collectd Configuration
CVSS 9.1
Details
Vulnerabilities: 3,567
Exploit Likelihood: High