Vulnerabilities (CVE)

Filtered by CWE-77
Total 3410 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-28353 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2026-06-17 N/A 8.8 HIGH
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges.
CVE-2024-28136 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2026-06-17 N/A 7.8 HIGH
A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service.
CVE-2024-28135 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2026-06-17 N/A 5.0 MEDIUM
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected.
CVE-2024-28041 2026-06-17 N/A 8.8 HIGH
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.
CVE-2024-27981 2026-06-17 N/A 9.8 CRITICAL
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier) . Mitigation: Update UniFi Network Application to Version 8.1.113 or later.
CVE-2024-27980 2026-06-17 N/A 8.1 HIGH
Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
CVE-2024-27818 1 Apple 3 Ipados, Iphone Os, Macos 2026-06-17 N/A 7.8 HIGH
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.
CVE-2024-27763 2026-06-17 N/A 5.3 MEDIUM
XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.
CVE-2024-26298 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26297 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26296 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26295 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26294 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26204 1 Microsoft 1 Outlook 2026-06-17 N/A 7.5 HIGH
Outlook for Android Information Disclosure Vulnerability
CVE-2024-25998 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2026-06-17 N/A 7.3 HIGH
An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.
CVE-2024-25955 1 Dell 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance 2026-06-17 N/A 7.2 HIGH
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-25951 1 Dell 1 Idrac8 2026-06-17 N/A 8.0 HIGH
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
CVE-2024-25946 1 Dell 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance 2026-06-17 N/A 7.2 HIGH
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-25850 1 Netis-systems 2 Wf2780, Wf2780 Firmware 2026-06-17 N/A 9.8 CRITICAL
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter
CVE-2024-25639 1 Khoj 1 Khoj 2026-06-17 N/A 5.9 MEDIUM
Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.