Vulnerabilities (CVE)

Filtered by CWE-77
Total 3383 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40881 1 Contec 2 Solarview Compact, Solarview Compact Firmware 2026-06-17 N/A 9.8 CRITICAL
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
CVE-2022-40770 1 Zohocorp 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus 2026-06-17 N/A 7.2 HIGH
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
CVE-2022-40765 1 Mitel 1 Mivoice Connect 2026-06-17 N/A 6.8 MEDIUM
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
CVE-2022-40752 3 Ibm, Linux, Microsoft 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more 2026-06-17 N/A 9.8 CRITICAL
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID:  236687.
CVE-2022-40619 1 Netgear 20 R6230, R6230 Firmware, R6260 and 17 more 2026-06-17 N/A 7.7 HIGH
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.
CVE-2022-40282 1 Belden 2 Hirschmann Bat-c2, Hirschmann Bat-c2 Firmware 2026-06-17 N/A 8.8 HIGH
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.
CVE-2022-40100 1 Tenda 2 I9, I9 Firmware 2026-06-17 N/A 9.8 CRITICAL
Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.
CVE-2022-40022 1 Microchip 2 Syncserver S650, Syncserver S650 Firmware 2026-06-17 N/A 9.8 CRITICAL
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
CVE-2022-40021 1 Qvidium 2 Amino A140, Amino A140 Firmware 2026-06-17 N/A 9.8 CRITICAL
QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability.
CVE-2022-3086 1 Moxa 100 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 97 more 2026-06-17 N/A 7.1 HIGH
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.
CVE-2022-3008 2 Debian, Tinygltf Project 2 Debian Linux, Tinygltf 2026-06-17 N/A 8.1 HIGH
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
CVE-2022-39987 1 Raspap 1 Raspap 2026-06-17 N/A 8.8 HIGH
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.
CVE-2022-39986 1 Raspap 1 Raspap 2026-06-17 N/A 9.8 CRITICAL
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
CVE-2022-39073 1 Zte 2 Mf286r, Mf286r Firmware 2026-06-17 N/A 9.8 CRITICAL
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
CVE-2022-38156 1 Kratosdefense 2 Spectralnet Narrowband, Spectralnet Narrowband Firmware 2026-06-17 N/A 7.2 HIGH
A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user.
CVE-2022-37883 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.
CVE-2022-37881 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.
CVE-2022-37879 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.
CVE-2022-37704 1 Zmanda 1 Amanda 2026-06-17 N/A 6.7 MEDIUM
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
CVE-2022-37425 2 Linux, Opennebula 2 Linux Kernel, Opennebula 2026-06-17 N/A 9.9 CRITICAL
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion.