Vulnerabilities (CVE)

Filtered by CWE-77
Total 3384 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-37425 2 Linux, Opennebula 2 Linux Kernel, Opennebula 2026-06-17 N/A 9.9 CRITICAL
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion.
CVE-2022-37125 1 Dlink 2 Dir-816, Dir-816 Firmware 2026-06-17 N/A 9.8 CRITICAL
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.
CVE-2022-36962 1 Solarwinds 1 Orion Platform 2026-06-17 N/A 7.2 HIGH
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
CVE-2022-36786 1 Dlink 2 Dsl-224, Dsl-224 Firmware 2026-06-17 N/A 9.9 CRITICAL
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.
CVE-2022-36559 1 Seiko-sol 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware 2026-06-17 N/A 9.8 CRITICAL
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi.
CVE-2022-36556 1 Seiko-sol 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01.
CVE-2022-36554 1 Hytec 2 Hwl-2511-ss, Hwl-2511-ss Firmware 2026-06-17 N/A 9.8 CRITICAL
A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges.
CVE-2022-36553 1 Hytec 2 Hwl-2511-ss, Hwl-2511-ss Firmware 2026-06-17 N/A 9.8 CRITICAL
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
CVE-2022-36523 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php.
CVE-2022-35518 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
CVE-2022-35503 2026-06-17 N/A 7.5 HIGH
Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself.
CVE-2022-34974 1 Dlink 2 Dir-810l, Dir-810l Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.
CVE-2022-34660 1 Siemens 1 Teamcenter 2026-06-17 N/A 9.8 CRITICAL
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.
CVE-2022-34592 1 Wavlink 2 Wl-wn575a3, Wl-wn575a3 Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2022-32665 1 Mediatek 3 En7528, En7580, Linkit Software Development Kit 2026-06-17 N/A 9.8 CRITICAL
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
CVE-2022-32664 1 Mediatek 7 En7516, En7528, En7529 and 4 more 2026-06-17 N/A 8.8 HIGH
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
CVE-2022-32449 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2026-06-17 10.0 HIGH 9.8 CRITICAL
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
CVE-2022-32262 1 Siemens 1 Sinema Remote Connect Server 2026-06-17 7.5 HIGH 8.8 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.
CVE-2022-32203 1 Huawei 2 Cv81-wdm, Cv81-wdm Firmware 2026-06-17 N/A 9.8 CRITICAL
There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32203.
CVE-2022-32154 1 Splunk 2 Splunk, Splunk Cloud Platform 2026-06-17 4.0 MEDIUM 6.8 MEDIUM
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.