CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,332 vulnerabilities with CWE-77
CVE-2026-5351
MEDIUM
Trendnet TEW-657BRM setup.cgi add_wps_client os command injection
CVSS 6.3
CVE-2026-5339
MEDIUM
Tenda G103 Setting gpon.lua action_set_net_settings command injection
CVSS 4.7
CVE-2026-5338
MEDIUM
Tenda G103 Setting system.lua action_set_system_settings command injection
CVSS 4.7
CVE-2026-5333
HIGH
DefaultFuction Content-Management-System tools.php command injection
CVSS 7.3
CVE-2026-5327
MEDIUM
efforthye fast-filesystem-mcp index.ts handleGetDiskUsage command injection
CVSS 6.3
CVE-2026-20096
MEDIUM
Cisco Integrated Management Controller Command Injection Vulnerability
CVSS 6.5
CVE-2026-20095
MEDIUM
Cisco Integrated Management Controller Command Injection Vulnerability
CVSS 6.5
CVE-2026-20094
HIGH
Cisco Integrated Management Controller Command Injection Vulnerability
CVSS 8.8
CVE-2026-34243
CRITICAL
wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
CVSS 9.8
CVE-2026-30310
CRITICAL
Sixth - Arbitrary Command Execution via Prompt Injection
CVSS 9.8
CVE-2026-4399
HIGH
Multiple vulnerabilities in 1millionbot Millie chatbot
CVSS 7.5
CVE-2026-5184
MEDIUM
TRENDnet TEW-713RE setSysAdm command injection
CVSS 6.3
CVE-2026-5183
MEDIUM
TRENDnet TEW-713RE addRouting sub_421494 command injection
CVSS 6.3
CVE-2026-5178
MEDIUM
Totolink A3300R cstecgi.cgi setIptvCfg command injection
CVSS 6.3
CVE-2026-5177
MEDIUM
Totolink A3300R cstecgi.cgi setWiFiBasicCfg command injection
CVSS 6.3
CVE-2026-5176
HIGH
Totolink A3300R cstecgi.cgi setSyslogCfg command injection
CVSS 7.3
CVE-2026-5153
MEDIUM
Tenda CH22 WriteFacMac FormWriteFacMac command injection
CVSS 6.3
CVE-2026-5125
MEDIUM
raine consult-llm-mcp server.ts child_process.execSync os command injection
CVSS 5.3
CVE-2026-5105
MEDIUM
Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injection
CVSS 6.3
CVE-2026-5104
MEDIUM
Totolink A3300R cstecgi.cgi setStaticRoute command injection
CVSS 6.3
CVE-2026-5103
MEDIUM
Totolink A3300R cstecgi.cgi setUPnPCfg command injection
CVSS 6.3
CVE-2026-5102
MEDIUM
Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection
CVSS 6.3
CVE-2026-5101
MEDIUM
Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection
CVSS 6.3
CVE-2026-5041
MEDIUM
code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection
CVSS 4.7
CVE-2026-5030
MEDIUM
Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection
CVSS 6.3
Details
Vulnerabilities
3,332
Exploit Likelihood
High