Vulnerabilities (CVE)

Filtered by CWE-77
Total 3384 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24032 1 Zimbra 1 Collaboration 2026-06-17 N/A 7.8 HIGH
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
CVE-2023-23952 1 Broadcom 2 Advanced Secure Gateway, Content Analysis 2026-06-17 N/A 9.8 CRITICAL
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.
CVE-2023-23564 1 Geomatika 1 Isigeo Web 2026-06-17 N/A 8.8 HIGH
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.
CVE-2023-23356 1 Qnap 1 Qufirewall 2026-06-17 N/A 5.5 MEDIUM
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later
CVE-2023-23355 1 Qnap 18 Qts, Quts Hero, Qutscloud and 15 more 2026-06-17 N/A 6.6 MEDIUM
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
CVE-2023-23333 1 Contec 2 Solarview Compact, Solarview Compact Firmware 2026-06-17 N/A 9.8 CRITICAL
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
CVE-2023-23295 1 Korenix 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more 2026-06-17 N/A 8.8 HIGH
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
CVE-2023-23294 1 Korenix 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more 2026-06-17 N/A 8.8 HIGH
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
CVE-2023-23149 1 Dek-1705 Project 2 Dek-1705, Dek-1705 Firmware 2026-06-17 N/A 9.8 CRITICAL
DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability.
CVE-2023-23080 1 Tenda 10 Cp3, Cp3 Firmware, Cp7 and 7 more 2026-06-17 N/A 9.8 CRITICAL
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908.
CVE-2023-22935 1 Splunk 2 Splunk, Splunk Cloud Platform 2026-06-17 N/A 8.1 HIGH
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
CVE-2023-22913 1 Zyxel 22 Usg Flex 100, Usg Flex 100 Firmware, Usg Flex 100w and 19 more 2026-06-17 N/A 8.1 HIGH
A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.
CVE-2023-22884 1 Apache 2 Airflow, Apache-airflow-providers-mysql 2026-06-17 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
CVE-2023-22816 1 Westerndigital 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more 2026-06-17 N/A 6.0 MEDIUM
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300.
CVE-2023-22815 1 Westerndigital 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more 2026-06-17 N/A 6.2 MEDIUM
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high.  This issue affects My Cloud OS 5 devices: before 5.26.300.
CVE-2023-22790 2 Arubanetworks, Hp 2 Arubaos, Instantos 2026-06-17 N/A 7.2 HIGH
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22789 2 Arubanetworks, Hp 2 Arubaos, Instantos 2026-06-17 N/A 7.2 HIGH
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22788 2 Arubanetworks, Hp 2 Arubaos, Instantos 2026-06-17 N/A 7.2 HIGH
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22770 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2026-06-17 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22769 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2026-06-17 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.