CWE-78: OS Command Injection

This vulnerability allows remote attackers to execute arbitrary operating system commands on PROLiNK PRC2402M routers by injecting shell metacharacter...

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attackers to bypass the sandboxed environment via the tra...

This critical OS command injection vulnerability allows unauthenticated attackers to execute arbitrary commands on affected systems by injecting malic...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on affected systems due to improper...

An OS command injection vulnerability (CWE-78) allows unauthenticated attackers to execute arbitrary commands on affected systems by injecting malicio...

This critical vulnerability in Samba allows unauthenticated remote attackers to execute arbitrary commands on affected systems by sending specially cr...

This critical OS command injection vulnerability in Iron Mountain Archiving Services EnVision allows attackers to execute arbitrary commands on the un...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privileges on affected OZW672 and OZW772 devic...

This CVE describes an unauthenticated remote OS command injection vulnerability in ZendTo file transfer software. Attackers can execute arbitrary comm...

This CVE describes a critical Remote Code Execution vulnerability in MITRE Caldera's agent compilation functionality. Attackers can execute arbitrary ...

This is a critical command injection vulnerability in Aviatrix Controller that allows unauthenticated attackers to execute arbitrary operating system ...

CVE-2024-52034 is a critical OS command injection vulnerability in myPRO Manager that allows unauthenticated remote attackers to execute arbitrary ope...

This vulnerability allows remote attackers to bypass authentication and execute arbitrary commands on CyberPanel servers. Attackers can exploit unauth...

CVE-2024-51568 is a critical command injection vulnerability in CyberPanel that allows unauthenticated attackers to execute arbitrary commands on affe...

This critical vulnerability in Zimbra Collaboration's postjournal service allows unauthenticated attackers to execute arbitrary commands on affected s...

CVE-2024-7591 is an OS command injection vulnerability in Progress LoadMaster load balancers that allows attackers to execute arbitrary commands on th...

This critical vulnerability in Rust's standard library allows arbitrary command execution when spawning batch files on Windows with untrusted argument...

CVE-2024-2389 is a critical command injection vulnerability in Flowmon network monitoring software that allows unauthenticated attackers to execute ar...

CVE-2024-30247 is a critical command injection vulnerability in NextCloudPi that allows unauthenticated attackers to execute arbitrary commands as roo...

CVE-2024-1212 is a critical vulnerability in LoadMaster load balancers that allows unauthenticated remote attackers to execute arbitrary system comman...

This CVE describes an OS command injection vulnerability in Fortinet products that allows attackers to execute arbitrary commands via crafted API requ...

This CVE describes a critical OS command injection vulnerability in FreshTomato router firmware's iperfrun.cgi component. Attackers can execute arbitr...

This critical OS command injection vulnerability in Fortinet products allows attackers to execute arbitrary commands on affected systems by sending sp...

CVE-2023-3572 is a critical vulnerability in PHOENIX CONTACT WP 6xxx series web panels that allows remote, unauthenticated attackers to execute arbitr...

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that allows attackers to execute arbitrary commands on th...

CVE-2023-2131 is a critical OS command injection vulnerability in INEA ME RTU firmware that allows remote attackers to execute arbitrary code on affec...

CVE-2022-31137 is a critical remote code execution vulnerability in Roxy-WI web interface that allows unauthenticated attackers to execute arbitrary s...

CVE-2022-24803 is a critical command injection vulnerability in Asciidoctor-include-ext that allows attackers to execute arbitrary system commands whe...

CVE-2022-24796 is a critical remote code execution vulnerability in RaspberryMatic's WebUI file upload feature. Unauthenticated attackers with network...

This vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands on Rockwell Automation FactoryTalk AssetCen...

CVE-2021-43981 is a critical OS command injection vulnerability in mySCADA myPRO versions 8.20.0 and earlier. Attackers can execute arbitrary operatin...

CVE-2021-44453 is a critical command injection vulnerability in mySCADA myPRO's debug interface that allows attackers to execute arbitrary operating s...

This vulnerability allows remote attackers to execute arbitrary operating system commands on mySCADA myPRO systems by injecting malicious commands thr...

This vulnerability allows unauthenticated remote attackers to execute arbitrary system commands as root on affected HomeMatic CCU devices via a simple...

CVE-2021-33841 is a critical OS command injection vulnerability in the SGE-PLC1000 device's firmware, allowing remote attackers to execute arbitrary c...

This critical vulnerability allows remote attackers with network access to execute arbitrary operating system commands on affected WAGO industrial con...

CVE-2020-6364 is a critical OS command injection vulnerability in SAP Solution Manager and SAP Focused Run that allows attackers to execute arbitrary ...

This vulnerability allows attackers with read/write access to Vitess backup storage locations to manipulate backup manifest files, leading to arbitrar...

CVE-2026-27728 is an OS command injection vulnerability in OneUptime's NetworkPathMonitor.performTraceroute() function that allows authenticated proje...

CVE-2026-27626 allows authenticated users to execute arbitrary OS commands on OliveTin hosts by injecting shell metacharacters through password-type a...

OpenProject versions before 16.6.7 and 17.0.3 contain an arbitrary file write vulnerability that can lead to remote code execution. Attackers with rep...

This vulnerability in n8n workflow automation platform allows authenticated users with workflow creation/modification permissions to execute arbitrary...

Signal K Server versions before 1.5.0 contain a command injection vulnerability in the set-system-time plugin that allows authenticated users with wri...

CVE-2026-24841 is a critical command injection vulnerability in Dokploy, a self-hosted PaaS, allowing authenticated attackers to execute arbitrary com...

A command injection vulnerability in Zoom Node Multimedia Routers allows meeting participants to execute arbitrary commands on the MMR system via netw...

CVE-2025-59157 is a command injection vulnerability in Coolify's Git Repository field during project creation. Unauthenticated user input is not prope...

StreamVault versions before 251126 contain a remote code execution vulnerability that allows attackers to execute arbitrary commands on the server. Ad...

CVE-2025-66209 is an authenticated command injection vulnerability in Coolify's Database Backup functionality. It allows users with application/servic...

An authenticated arbitrary file upload vulnerability in Pagekit CMS v1.0.18 allows attackers to upload malicious PHP files and execute arbitrary code ...

This CVE describes a command injection vulnerability in NeuVector's enforcer container where environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PO...