CWE-78: OS Command Injection

Cursor code editor versions 1.17 through 1.2 contain a UI information disclosure vulnerability in the MCP deeplink handler that allows attackers to ex...

CVE-2025-6514 is a critical OS command injection vulnerability in mcp-remote that allows remote code execution when connecting to malicious MCP server...

CVE-2025-5277 is a command injection vulnerability in aws-mcp-server that allows attackers to execute arbitrary commands on the host system by craftin...

CVE-2023-29120 is a critical OS command injection vulnerability in Waybox Enel X web management applications that allows authenticated attackers to ex...

CVE-2023-51698 is a critical command injection vulnerability in Atril document viewer that allows remote code execution when a user opens a malicious ...

This vulnerability in PaddlePaddle allows attackers to execute arbitrary operating system commands through command injection in the convert_shape_comp...

This vulnerability in PaddlePaddle allows attackers to execute arbitrary operating system commands through command injection in the get_online_pass_in...

CVE-2023-38673 is a command injection vulnerability in PaddlePaddle's fs.py module that allows attackers to execute arbitrary operating system command...

CVE-2023-33965 is a command injection vulnerability in Brook's tproxy server that allows remote code execution. Attackers can exploit this by tricking...

This CVE describes an OS command injection vulnerability in the Abode iota security system's wirelessConnect handler. An attacker can inject arbitrary...

This vulnerability allows authenticated remote attackers to execute arbitrary CLI commands on devices managed by Cisco DNA Center through command inje...

This CVE describes an OS command injection vulnerability in EasyCorp ZenTao Pro that allows authenticated attackers to execute arbitrary commands with...

A critical vulnerability in Trend Micro Apex One (on-premise) management console allows unauthenticated remote attackers to upload malicious code and ...

This CVE describes an OS command injection vulnerability in Dassault Systèmes' 3DEXPERIENCE platform and related products. Attackers can execute arbi...

This CVE describes an operating system command injection vulnerability in ekorCCP and ekorRCI software from Ormazabal. Authenticated attackers can exe...

CVE-2021-21386 is a command injection vulnerability in APKLeaks that allows remote attackers to execute arbitrary operating system commands via malici...

CVE-2020-15271 is a critical vulnerability in the lookatme Python package that allows remote code execution when rendering untrusted markdown content....

This vulnerability allows attackers to execute arbitrary operating system commands with root privileges within the container running bleon-ethical/api...

A typo in Froxlor's input validation code (== instead of =) disables email format checking for admin email settings. This allows authenticated admins ...

CVE-2026-25643 is a critical Remote Command Execution vulnerability in Frigate NVR software that allows attackers to execute arbitrary system commands...

ChurchCRM versions before 6.5.3 have a critical vulnerability in the Database Restore functionality that allows attackers to upload malicious files wi...

This vulnerability allows remote command injection in the HexStrike AI MCP server. Attackers can execute arbitrary commands with root privileges by se...

Dell CloudLink versions 8.0 through 8.1.2 have a vulnerability where privileged users with known passwords can escape the restricted shell, gaining fu...

This CVE describes an OS command injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server firmware that allows attackers to execu...

This vulnerability allows authenticated admin users with process-definition creation/modification privileges in Valtimo Business Process Automation pl...

CVE-2025-50989 is an authenticated command injection vulnerability in OPNsense firewall software that allows administrators to execute arbitrary syste...

A critical vulnerability in dedupe's GitHub Actions workflow allows attackers to execute arbitrary code by manipulating pull request comments. This co...

This vulnerability allows authenticated attackers to execute arbitrary commands as root on Ruckus wireless controllers by exploiting improper input sa...

This critical vulnerability allows remote attackers with administrator credentials to execute arbitrary operating system commands on affected devices ...

UNI-NMS-Lite contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands on affected systems. This ...

This vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on SENTRON 7KT PAC1260 Data Manager devices. A...

This vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on SENTRON 7KT PAC1260 Data Manager devices. T...

Dell Unity storage systems running version 5.4 or earlier contain an OS command injection vulnerability that allows unauthenticated remote attackers t...

This vulnerability allows authenticated administrators in Ivanti Cloud Services Application (CSA) to execute arbitrary operating system commands throu...

CVE-2024-51450 is an OS command injection vulnerability in IBM Security Verify Directory that allows authenticated remote attackers to execute arbitra...

CVE-2025-22604 is a command injection vulnerability in Cacti's SNMP result parser that allows authenticated users to execute arbitrary system commands...

This CVE describes a command injection vulnerability in Ivanti Connect Secure and Policy Secure that allows authenticated administrators to execute ar...

This CVE describes a command injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure that allows authenticated administrators to exe...

This vulnerability allows authenticated remote attackers with high privileges in SINEC INS to execute arbitrary operating system commands through impr...

This critical vulnerability in Dell Enterprise SONiC OS allows authenticated high-privileged attackers to execute arbitrary operating system commands ...

This vulnerability allows remote attackers to execute arbitrary operating system commands on WordPress servers running vulnerable versions of the Medi...

This vulnerability in pyLoad allows remote code execution by downloading executable files to the /.pyload/scripts folder and triggering script executi...

This vulnerability allows authenticated users with application creation permissions to execute arbitrary operating system commands by creating applica...

This vulnerability allows remote authenticated attackers to execute arbitrary commands on IBM Security Guardium systems by sending specially crafted r...

An OS command injection vulnerability in Peplink Smart Reader v1.2.0 allows authenticated attackers to execute arbitrary commands via the web interfac...

This CVE describes a command injection vulnerability in WBSAirback's Active Directory integration that allows attackers to execute arbitrary commands ...

This CVE describes a command injection vulnerability in LG webOS TVs that allows authenticated attackers to execute arbitrary commands as the dbus use...

This CVE describes a command injection vulnerability in LG webOS TV software that allows authenticated attackers to execute arbitrary commands as root...

This vulnerability allows admin users in Foreman to bypass safe mode restrictions in templates, enabling arbitrary code execution on the underlying op...

This CVE describes an XML injection vulnerability in Magento Commerce that allows authenticated administrators to execute arbitrary code remotely. Att...