Vulnerabilities (CVE)

Filtered by CWE-77
Total 3384 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0611 1 Trendnet 2 Tew-652brp, Tew-652brp Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935.
CVE-2023-0351 1 Akuvox 2 E11, E11 Firmware 2026-06-17 N/A 8.8 HIGH
The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions.
CVE-2023-0315 1 Froxlor 1 Froxlor 2026-06-17 N/A 8.8 HIGH
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVE-2023-0127 1 Dlink 2 Dwl-2600ap, Dwl-2600ap Firmware 2026-06-17 N/A 7.8 HIGH
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.
CVE-2023-0093 1 Okta 1 Advanced Server Access 2026-06-17 N/A 8.8 HIGH
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.
CVE-2022-4934 1 Sophos 1 Web Appliance 2026-06-17 N/A 7.2 HIGH
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
CVE-2022-4616 1 Deltaww 2 Dx-3021l9, Dx-3021l9 Firmware 2026-06-17 N/A 7.2 HIGH
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions.
CVE-2022-4364 1 Flir 2 Flir Ax8, Flir Ax8 Firmware 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
CVE-2022-4009 1 Octopus 1 Octopus Server 2026-06-17 N/A 8.8 HIGH
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
CVE-2022-4002 1 Motorola 2 Q14, Q14 Firmware 2026-06-17 N/A 7.2 HIGH
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CVE-2022-48338 1 Gnu 1 Emacs 2026-06-17 N/A 7.3 HIGH
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
CVE-2022-48259 1 Huawei 2 Bisheng-wnm, Bisheng-wnm Firmware 2026-06-17 N/A 9.8 CRITICAL
There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges.
CVE-2022-48255 1 Huawei 2 Bisheng-wnm, Bisheng-wnm Firmware 2026-06-17 N/A 9.8 CRITICAL
There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution.
CVE-2022-47028 1 Actionlauncher 1 Action Launcher 2026-06-17 N/A 5.5 MEDIUM
An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert.
CVE-2022-46642 1 Dlink 2 Dir-846, Dir-846 Firmware 2026-06-17 N/A 9.9 CRITICAL
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.
CVE-2022-46641 1 Dlink 2 Dir-846, Dir-846 Firmware 2026-06-17 N/A 9.9 CRITICAL
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.
CVE-2022-46421 1 Apache 1 Apache-airflow-providers-apache-hive 2026-06-17 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0.
CVE-2022-46404 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2026-06-17 N/A 9.8 CRITICAL
A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.
CVE-2022-45796 1 Sharp 316 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 313 more 2026-06-17 N/A 9.1 CRITICAL
Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2022-45600 1 Aztech 2 Wmb250ac, Wmb250ac Firmware 2026-06-17 N/A 8.8 HIGH
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.