By weakness (CWE)

CWE-77: related vulnerabilities

CVEs classified under CWE-77. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

16 published vulnerabilities

  • CVE-2024-52011HIGH 8.3

    CVE-2024-52011 is a command injection vulnerability in the launch-editor library, a Node.js utility that opens files in text editors with specified line numbers. Before version 2.9.0, the library failed to properly sanitize filename input on Windows systems, allowing an attacker to inject and execute arbitrary commands by crafting a malicious filename. An attacker would need to trick a user into opening a specially crafted file—typically through a development workflow, build process, or IDE integration—to trigger code execution with the privileges of the affected user.

  • CVE-2026-10214HIGH 7.3

    A command injection vulnerability exists in the Bash Tool component of chatgpt-on-wechat versions up to 2.0.8. An attacker can remotely exploit a flaw in the _get_safety_warning function to execute arbitrary operating system commands without authentication. This issue is being actively exploited in the wild. Organizations using affected versions should prioritize upgrading to 2.0.9 immediately.

  • CVE-2026-10219HIGH 7.3

    nextlevelbuilder GoClaw versions up to 3.11.3 contain a command injection vulnerability in the write_file tool. An unauthenticated attacker can manipulate the WriteFile function to inject arbitrary operating system commands, which are then executed on the affected system. The vulnerability is remotely exploitable and does not require user interaction or special privileges.

  • CVE-2026-10273HIGH 7.3

    php-censor versions up to 2.1.6 contain a remote code execution vulnerability in the webhook processing logic. An attacker can manipulate the commitId parameter sent to the Webhook Endpoint to inject and execute arbitrary operating system commands on the affected server. No authentication is required, and the exploit technique has been publicly disclosed, increasing the likelihood of active exploitation.

  • CVE-2026-10870HIGH 7.2

    Shibby Tomato version 1.28.0000 contains a command injection vulnerability in its web-based configuration interface that allows authenticated administrators to execute arbitrary operating system commands on the router. An attacker with administrative access can manipulate the DHCP client startup function to inject malicious commands, potentially compromising the entire device and any network it serves. Exploit code has been published publicly, increasing the risk of opportunistic attacks.

  • CVE-2026-10871HIGH 7.2

    Shibby Tomato 1.28.0000 contains a remote command injection vulnerability in its Web UI. An authenticated administrator can craft a malicious request targeting the IPv6 6rd tunnel configuration function, injecting arbitrary operating system commands that execute with the privileges of the affected service. The vulnerability has been publicly disclosed, increasing the likelihood of active exploitation attempts.

  • CVE-2026-10872HIGH 7.2

    Shibby Tomato 1.28.0000 contains a vulnerability in the Web UI component that allows authenticated users with high-level privileges to inject operating system commands through the VPN server startup function. An attacker with administrative access could manipulate input parameters to execute arbitrary commands on the device, potentially compromising the entire router system. Public exploit information exists for this vulnerability.

  • CVE-2026-10873HIGH 7.2

    Shibby Tomato 1.28.0000 contains a command injection vulnerability in its web interface that allows authenticated administrators to execute arbitrary operating system commands. The vulnerability exists in the rstats_path function within the /bin/rstats component. Because exploit code has been publicly disclosed, the risk of active exploitation is elevated. Note that this project has been superseded by FreshTomato, and users should verify their upgrade path accordingly.

  • CVE-2026-10060MEDIUM 6.3

    TRENDnet's TEW-432BRP wireless router (firmware version 3.10B20) contains a command injection vulnerability in its route configuration interface. An authenticated attacker can manipulate IP, mask, or gateway parameters to inject arbitrary commands on the device. The vulnerability requires valid credentials but poses a direct threat to affected networks. Critically, this product reached end-of-life in 2009—over 15 years ago—and the vendor has stated it cannot replicate or fix vulnerabilities in legacy hardware.

  • CVE-2026-10061MEDIUM 6.3

    A command injection vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20), discovered in the WPS configuration function. An authenticated attacker can manipulate the peerPin parameter to execute arbitrary commands on the device. The vulnerability is network-accessible and requires valid login credentials. Notably, this router reached end-of-life in 2009—over 15 years ago—and TRENDnet has stated they cannot replicate or provide fixes for vulnerabilities in this legacy hardware. While exploit code is public, the practical risk is limited to organizations still operating this obsolete equipment in production environments.

  • CVE-2026-10127MEDIUM 6.3

    A command injection vulnerability exists in Edimax BR-6478AC wireless routers running firmware version 1.23. An authenticated attacker can send a specially crafted web request to the device's configuration interface that tricks it into executing arbitrary system commands. The vulnerability stems from improper validation of the 'rootAPmac' parameter in the device's wireless driver setup function. Because proof-of-concept code has been publicly released, there is a meaningful risk that attackers will attempt to exploit this flaw in active environments.

  • CVE-2026-10166MEDIUM 6.3

    A command injection vulnerability exists in Edimax BR-6478AC version 1.23 that allows an authenticated attacker to execute arbitrary commands on the device. The flaw is in the web interface's wireless settings handler, where the rootAPmac parameter is not properly sanitized before being used in system commands. An attacker with valid login credentials can manipulate this parameter to inject malicious commands, potentially compromising router configuration, data, or availability. Public exploit details are available, increasing real-world risk.

  • CVE-2026-10180MEDIUM 6.3

    A command injection vulnerability exists in the TRENDnet TEW-432BRP router (firmware version 3.10B20) that allows authenticated users to execute arbitrary system commands through the formSysCmd web interface parameter. The vulnerability is in the /goform/formSysCmd endpoint and can be exploited remotely by anyone with network access and valid credentials. TRENDnet has not patched this issue because the router reached end-of-life in 2009 and is no longer supported.

  • CVE-2026-10182MEDIUM 6.3

    A remote command injection vulnerability exists in the TRENDnet TEW-432BRP wireless router running firmware version 3.10B20. An authenticated attacker can exploit the WLAN setup function by manipulating the 'enrollee' parameter to execute arbitrary commands on the device. The vulnerability has been publicly disclosed. However, this router reached end-of-life in 2009—over 15 years ago—and the vendor has stated they cannot replicate or fix vulnerabilities in products no longer supported. Organizations still operating this hardware face unpatched exposure.

  • CVE-2026-10279MEDIUM 6.3

    A remote command injection vulnerability exists in wezterm-mcp version 0.1.0, a WezTerm terminal multiplexer control plane component. An authenticated attacker can manipulate the pane_id parameter in requests to the switch_pane/write_to_specific_pane function to inject arbitrary operating system commands. The vulnerability requires valid credentials to exploit but poses a meaningful risk in environments where WezTerm MCP is exposed to untrusted users or networked clients.

  • CVE-2026-10550MEDIUM 6.3

    A command injection vulnerability exists in elunez eladmin versions up to 2.7 within the Application Deployment Module. An authenticated user can manipulate the uploadPath argument to inject arbitrary commands, leading to remote code execution on the affected system. The vulnerability requires valid credentials to exploit but does not need user interaction once authenticated. Public exploit code is available, increasing the risk of active exploitation.