CWE-78: OS Command Injection

CVE-2021-33055 is a critical remote code execution vulnerability in Zoho ManageEngine ADSelfService Plus that allows unauthenticated attackers to exec...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on affected Vizio Smart TVs by exploiting insuffici...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands with root privileges on LG N1T1*** 10124 Network At...

This vulnerability in Apache NiFi MiNiFi C++ allows remote attackers to execute arbitrary commands with the same privileges as the application binary....

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on Sunhillo SureLine devices by injecting shell met...

CVE-2021-37344 allows remote attackers to execute arbitrary operating system commands on Nagios XI servers through the Switch Wizard component. This a...

CVE-2021-37346 allows remote attackers to execute arbitrary operating system commands on Nagios XI servers through the WatchGuard Wizard component. Th...

CVE-2020-23151 is a critical command injection vulnerability in rConfig that allows attackers to execute arbitrary commands on the server. The vulnera...

This vulnerability allows remote attackers to execute arbitrary commands on ProLink PRC2402M routers by injecting malicious commands into the TR069_lo...

This CVE describes a critical OS command injection vulnerability in Advantech R-SeeNet's ping.php script that allows unauthenticated attackers to exec...

This CVE describes a command injection vulnerability in the HNAP1/GetNetworkTomographySettings endpoint of Motorola CX2 routers. Attackers can exploit...

This CVE describes a command injection vulnerability in the HNAP1/SetWLanApcliSettings endpoint of Motorola CX2 routers. Attackers can execute arbitra...

This CVE describes an OS command injection vulnerability in QSAN XEVO storage management software that allows remote attackers to execute arbitrary co...

CVE-2021-32533 is a critical OS command injection vulnerability in QSAN SANOS storage management software. Remote attackers can execute arbitrary comm...

CVE-2021-32512 is a critical command injection vulnerability in QSAN Storage Manager's QuickInstall component that allows remote unauthenticated attac...

This CVE-2021-28802 is a critical command injection vulnerability in QNAP QTS and QuTS hero operating systems that allows attackers to execute arbitra...

This CVE-2021-28804 is a critical command injection vulnerability in QNAP QTS and QuTS hero operating systems that allows attackers to execute arbitra...

CVE-2021-33357 is a critical command injection vulnerability in RaspAP web interface that allows unauthenticated attackers to execute arbitrary operat...

CVE-2021-31324 is a command injection vulnerability in CentOS Web Panel's unprivileged user portal that allows attackers to execute arbitrary commands...

CVE-2021-32305 is a critical remote code execution vulnerability in WebSVN that allows attackers to execute arbitrary commands on the server by inject...

CVE-2021-32605 is a critical remote code execution vulnerability in zzzcms zzzphp that allows unauthenticated attackers to execute arbitrary operating...

CVE-2021-32090 is a critical command injection vulnerability in LocalStack's dashboard component that allows attackers to execute arbitrary shell comm...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Cisco HyperFlex HX systems via the web-based management in...

CVE-2021-29369 is a critical OS command injection vulnerability in the @rkesters/gnuplot Node.js package. It allows attackers to execute arbitrary she...

This CVE describes a command injection vulnerability in China Mobile An Lianbao WF-1 routers that allows remote attackers to execute arbitrary command...

This vulnerability allows remote attackers to execute arbitrary commands on China Mobile An Lianbao WF-1 routers via command injection in the IGMP_PRO...

This vulnerability allows remote attackers to execute arbitrary commands on China Mobile An Lianbao WF-1 routers via command injection in the MLD_PROX...

This vulnerability allows remote attackers to execute arbitrary commands on China Mobile An Lianbao WF-1 routers via command injection in the iandlink...

This critical vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands with elevated privileges on Symant...

This vulnerability allows remote attackers to execute arbitrary operating system commands on affected Aterm WG2600HS routers. Attackers can potentiall...

This vulnerability allows authenticated users on Fibaro Home Center 2 and Lite devices to execute arbitrary commands as the root user through command ...

CVE-2021-23376 is a critical command injection vulnerability in ffmpegdotjs that allows attackers to execute arbitrary commands on the host system. Th...

CVE-2021-23378 is a critical command injection vulnerability in the picotts npm package. Attackers can execute arbitrary system commands by providing ...

This CVE describes a critical command injection vulnerability in Tenda G0, G1, and G3 routers that allows remote attackers to execute arbitrary operat...

This CVE describes a critical command injection vulnerability in TOTOLINK routers that allows remote attackers to execute arbitrary operating system c...

This CVE describes a critical command injection vulnerability in TOTOLINK X5000R and A720R routers that allows remote attackers to execute arbitrary o...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-816 A2 routers by injecting shell metacharacters into HTTP para...

This vulnerability allows remote attackers to execute arbitrary commands on Genexis PLATINUM 4410 routers by injecting shell metacharacters into the s...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-846 routers via shell metacharacters in Wi-Fi SSID parameters. ...

CVE-2021-26810 is a remote command injection vulnerability in D-Link DIR-816 A2 routers that allows attackers to execute arbitrary commands on the dev...

This vulnerability allows remote attackers to execute arbitrary commands on affected Aruba Instant Access Points (IAPs) without authentication. It aff...

CVE-2020-1946 is a critical vulnerability in Apache SpamAssassin that allows malicious rule configuration files to execute arbitrary system commands w...

This vulnerability allows unauthenticated attackers to upload malicious PHP files through LUCY Security Awareness Software's Migration Tool, leading t...

CVE-2021-27886 is a command injection vulnerability in rakibtg Docker Dashboard that allows attackers to execute arbitrary commands on the host system...

CVE-2021-26476 is a critical OS command injection vulnerability in EPrints 3.4.2 that allows remote attackers to execute arbitrary commands on the ser...

CVE-2021-3342 is a critical vulnerability in EPrints 3.4.2 that allows remote attackers to read arbitrary files and potentially execute commands on th...

This vulnerability allows remote code execution in Scytl sVote 2.1 by injecting malicious payloads through election event aliases. Attackers can execu...

This vulnerability allows remote attackers to execute arbitrary operating system commands on SolarView Compact SV-CPT-MC310 devices with web server pr...

CVE-2019-25024 is an unauthenticated command injection vulnerability in OpenRepeater (ORP) that allows remote attackers to execute arbitrary commands ...

This vulnerability allows remote attackers to execute arbitrary commands on Netis WF2780 and WF2411 routers by injecting shell metacharacters into the...