CWE-78: OS Command Injection
The product constructs all or part of an OS command using externally-influenced input, but does not neutralize special elements that could modify the intended OS command.
All OS Command Injection CVEs (1,699)
Feb 8, 2021: CVE-2021-22502 is an unauthenticated command injection vulnerability in Micro Focus Operation Bridge Reporter (OBR) that allows remote attackers to ex...
Feb 8, 2021: CVE-2020-7786 is a critical OS command injection vulnerability in the macfromip npm package. It allows attackers to execute arbitrary commands on syst...
Feb 8, 2021: CVE-2020-7782 is an OS command injection vulnerability in the spritesheet-js package that allows attackers to execute arbitrary commands on the host s...
Feb 8, 2021: CVE-2021-26541 is a command injection vulnerability in the gitlog npm package that allows attackers to execute arbitrary commands on the host system. ...
Feb 8, 2021: This CVE describes a command injection vulnerability in the Svakom Siime Eye device's web interface. Attackers can inject shell commands via the NFS s...
Feb 7, 2021: CVE-2021-3122 is a critical remote code execution vulnerability in NCR Command Center Agent (CMCAgent) on Aloha POS/BOH servers. It allows unauthentic...
Feb 2, 2021: CVE-2020-7775 is a critical OS command injection vulnerability in the freediskspace npm package. Attackers can execute arbitrary commands on affected ...
Feb 2, 2021: This vulnerability allows remote attackers to execute arbitrary commands on D-Link DNS-320 network storage devices by injecting malicious commands thr...
Feb 1, 2021: CVE-2021-23330 is a command injection vulnerability in the launchpad npm package that allows attackers to execute arbitrary commands on the host syste...
Jan 26, 2021: This vulnerability in the Ruby ftpd gem allows remote attackers to execute arbitrary operating system commands by injecting shell metacharacters in LI...
Jan 12, 2021: CVE-2020-35458 is a critical remote code execution vulnerability in ClusterLabs Hawk web interface versions 2.x through 2.3.0-x. Unauthenticated attac...
Jan 8, 2021: CVE-2020-7784 is a command injection vulnerability in the ts-process-promises npm package that allows attackers to execute arbitrary commands on the h...
Jan 7, 2021: CVE-2021-3029 is a critical OS command injection vulnerability in EVOLUCARE ECSIMAGING software that allows attackers to execute arbitrary commands wi...
Jan 6, 2021: This CVE allows remote attackers to execute arbitrary operating system commands on TP-Link TL-WR840N routers by injecting malicious commands into an I...
Dec 27, 2020: CVE-2020-35729 is a critical OS command injection vulnerability in KLog Server 2.4.1 that allows attackers to execute arbitrary commands on the server...
Dec 23, 2020: CVE-2020-35665 is an unauthenticated remote code execution vulnerability in TerraMaster TOS. Attackers can execute arbitrary commands on affected syst...
Dec 18, 2020: This vulnerability allows remote attackers to execute arbitrary operating system commands on Xinuos (formerly SCO) Openserver systems via shell metach...
Dec 16, 2020: CVE-2020-7781 is an OS command injection vulnerability in the connection-tester npm package that allows attackers to execute arbitrary commands on the...
Dec 16, 2020: This vulnerability allows remote attackers to execute arbitrary commands on OpenTSDB servers by injecting malicious code into the yrange parameter. At...
Dec 14, 2020: CVE-2020-20184 is a critical remote code execution vulnerability in GateOne web-based terminal emulator. Attackers can execute arbitrary commands by i...
Dec 11, 2020: CVE-2020-28439 is a critical OS command injection vulnerability in the corenlp-js-prefab npm package that allows attackers to execute arbitrary comman...
Dec 11, 2020: This vulnerability allows remote attackers to execute arbitrary commands on Askey AP5100W Dual-SIG WiFi mesh access points by injecting shell metachar...
Dec 10, 2020: CVE-2020-29311 is a critical remote command execution vulnerability in Ubilling v1.0.9 that allows attackers to execute arbitrary commands as the root...
Dec 10, 2020: CVE-2020-19527 is a critical OS command injection vulnerability in iCMS 7.0.14 that allows attackers to execute arbitrary commands on the server by in...
Nov 30, 2020: CVE-2020-29390 is a critical command injection vulnerability in Zeroshell 3.9.3 that allows unauthenticated attackers to execute arbitrary system comm...
Nov 29, 2020: This vulnerability allows remote attackers to execute arbitrary commands on affected V-SOL OLT devices by injecting malicious commands into filenames ...
Nov 24, 2020: This vulnerability allows attackers to escape from a restricted shell and gain root privileges on affected CDATA optical line terminal devices by expl...
Nov 12, 2020: CVE-2020-24719 is a critical vulnerability in Couchbase Server where the Erlang magic cookie (authentication secret) can be exposed in logs. Attackers...
Nov 8, 2020: CVE-2020-28347 is a command injection vulnerability in the tdpServer component of TP-Link Archer A7 AC1750 routers that allows remote attackers to exe...
Oct 29, 2020: CVE-2020-27744 is a critical remote code execution vulnerability affecting Western Digital My Cloud NAS devices. It allows attackers to execute arbitr...
Oct 28, 2020: CVE-2020-16257 is a command injection vulnerability in Winston Privacy devices version 1.5.4 that allows attackers to execute arbitrary commands via t...
Oct 28, 2020: CVE-2020-27976 is a critical remote command injection vulnerability in osCommerce Phoenix CE that allows attackers to execute arbitrary operating syst...
Oct 27, 2020: This vulnerability allows remote attackers to execute arbitrary code on Western Digital My Cloud NAS devices via the cgi_api.php file, potentially lea...
Oct 2, 2020: This vulnerability allows unauthenticated remote attackers to execute arbitrary Linux commands as root on affected WAVLINK routers. Attackers can gain...
Sep 25, 2020: This vulnerability allows remote attackers to execute arbitrary commands on Sophos SG UTM devices through the WebAdmin interface. It affects organizat...
Sep 24, 2020: This vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on Telmat AccessLog systems via the login page. It ...
Sep 2, 2020: CVE-2020-13802 allows remote attackers to execute arbitrary operating system commands on systems running vulnerable Rebar3 versions by injecting malic...
Aug 21, 2020: This vulnerability allows remote attackers to execute arbitrary commands as root on Moog EXO Series units by exploiting a command injection flaw in th...
Aug 20, 2020: This vulnerability allows remote attackers to execute arbitrary commands on systems running RangeeOS 8.0.4 with the Kommbox component. Attackers can e...
Aug 20, 2020: This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on affected SEOWON INTECH routers via the ipAddr parameter in...
Aug 18, 2020: CVE-2020-24032 is a command injection vulnerability in tz.pl on XoruX LPAR2RRD and STOR2RRD virtual appliances that allows attackers to execute arbitr...
Aug 11, 2020: CVE-2020-17368 is a command injection vulnerability in Firejail up to version 0.9.62 that allows attackers to execute arbitrary commands on the host s...
Aug 5, 2020: CVE-2020-13151 allows unauthenticated remote attackers to execute arbitrary operating system commands on Aerospike database servers by submitting mali...
Jul 15, 2020: CVE-2020-8178 is a critical OS command injection vulnerability in the jison npm package that allows attackers to execute arbitrary commands on affecte...
Jul 14, 2020: CVE-2020-13925 is a critical OS command injection vulnerability in Apache Kylin's REST API that allows remote attackers to execute arbitrary commands ...
Jul 13, 2020: This vulnerability allows remote attackers to execute arbitrary system commands on Tenda AC15 AC1900 routers via a specific endpoint. Attackers can ex...
Jul 1, 2020: This vulnerability allows remote attackers to execute arbitrary commands with root privileges on affected Wavlink routers by injecting shell metachara...
Jul 1, 2020: This vulnerability allows remote attackers to execute arbitrary code on Linkplay devices without user interaction. Attackers can retrieve AWS keys fro...
Jul 1, 2020: CVE-2020-13619 is a command injection vulnerability in Locutus PHP's escapeshellarg function that allows attackers to execute arbitrary commands on af...
Jan 30, 2026: CVE-2026-25130 is a critical argument injection vulnerability in the Cybersecurity AI (CAI) framework that allows remote code execution. Attackers can...

About OS Command Injection (CWE-78)
Our database tracks 1,699 CVEs classified as CWE-78, with 635 rated critical and 894 rated high severity. The average CVSS score for OS Command Injection vulnerabilities is 8.5.