CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2023-1708
MEDIUM
GitLab CE/EE <15.8.5-15.10.1 - Code Injection
CVSS 5.7
CVE-2023-20153
MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Commands
CVSS 6.0
CVE-2023-20122
MEDIUM
Cisco EPNM/ISE/Prime Infra - Privilege Escalation
CVSS 6.0
CVE-2023-20121
MEDIUM
Cisco EPNM/ISE/Prime Infra - Privilege Escalation
CVSS 6.0
CVE-2023-20152
MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Commands
CVSS 6.0
CVE-2023-20124
MEDIUM
Cisco Small Business RV016-325 - Command Injection
CVSS 6.5
CVE-2023-1877
CRITICAL
microweber/microweber <1.3.3 - Command Injection
CVSS 9.8
CVE-2023-26866
CRITICAL
GreenPacket OH736 WR-1200 Indoor Unit, OT-235 - Command Injection
CVSS 9.8
CVE-2023-1671
CRITICAL
KEV
Sophos Web Appliance <4.3.10.4 - Command Injection
CVSS 9.8
CVE-2023-28854
HIGH
nophp < 0.0.1 - OS Command Injection
CVSS 8.0
CVE-2023-28677
CRITICAL
Jenkins Convert To Pipeline Plugin <1.0 - RCE
CVSS 9.8
CVE-2023-26822
CRITICAL
D-Link Go-RT-AC750 - Command Injection
CVSS 9.8
CVE-2023-28935
HIGH
Apache UIMA DUCC - Command Injection
CVSS 8.8
CVE-2023-1685
MEDIUM
HadSky < 7.11.8 - Remote Command Injection via Installation Interface
CVSS 6.3
CVE-2023-23355
MEDIUM
QNAP QVR - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-27232
CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2023-27231
CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2023-27229
CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2023-28712
HIGH
Osprey Pump Controller 1.01 - Command Injection
CVSS 8.2
CVE-2023-28430
HIGH
react-native-onesignal < 4.5.1 - Command Injection via Zapier.yml Workflow
CVSS 7.3
CVE-2023-26493
HIGH
Cocos Engine < 2023-02-20 - Command Injection via GitHub Actions Workflow
CVSS 8.1
CVE-2023-1141
HIGH
InfraSuite Device Master < 1.0.5 - Remote Code Execution via Command Injection
CVSS 8.8
CVE-2023-27796
HIGH
RG-EW PRO Series Firmware EW_3.0(1)B11P204 - OS Command Injection via diagnose.lua Parameters
CVSS 8.8
CVE-2023-26801
CRITICAL
LB-LINK BL-AC1900, BL-WR9000, BL-X26, and BL-LTE300 Firmware - OS Command Injection via mac, time1, and time2 Parameters
CVSS 9.8
CVE-2023-26800
CRITICAL
Ruijie Networks RG-EW1200 - Command Injection
CVSS 9.8
Details
Vulnerabilities
3,570
Exploit Likelihood
High