CWE-78: OS Command Injection

A critical vulnerability in dedupe's GitHub Actions workflow allows attackers to execute arbitrary code by manipulating pull request comments. This co...

This vulnerability allows authenticated attackers to execute arbitrary commands as root on Ruckus wireless controllers by exploiting improper input sa...

This critical vulnerability allows remote attackers with administrator credentials to execute arbitrary operating system commands on affected devices ...

UNI-NMS-Lite contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands on affected systems. This ...

This vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on SENTRON 7KT PAC1260 Data Manager devices. A...

This vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on SENTRON 7KT PAC1260 Data Manager devices. T...

Dell Unity storage systems running version 5.4 or earlier contain an OS command injection vulnerability that allows unauthenticated remote attackers t...

This vulnerability allows authenticated administrators in Ivanti Cloud Services Application (CSA) to execute arbitrary operating system commands throu...

CVE-2024-51450 is an OS command injection vulnerability in IBM Security Verify Directory that allows authenticated remote attackers to execute arbitra...

CVE-2025-22604 is a command injection vulnerability in Cacti's SNMP result parser that allows authenticated users to execute arbitrary system commands...

This CVE describes a command injection vulnerability in Ivanti Connect Secure and Policy Secure that allows authenticated administrators to execute ar...

This CVE describes a command injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure that allows authenticated administrators to exe...

This vulnerability allows authenticated remote attackers with high privileges in SINEC INS to execute arbitrary operating system commands through impr...

This critical vulnerability in Dell Enterprise SONiC OS allows authenticated high-privileged attackers to execute arbitrary operating system commands ...

This vulnerability allows remote attackers to execute arbitrary operating system commands on WordPress servers running vulnerable versions of the Medi...

This vulnerability in pyLoad allows remote code execution by downloading executable files to the /.pyload/scripts folder and triggering script executi...

This vulnerability allows authenticated users with application creation permissions to execute arbitrary operating system commands by creating applica...

This vulnerability allows remote authenticated attackers to execute arbitrary commands on IBM Security Guardium systems by sending specially crafted r...

An OS command injection vulnerability in Peplink Smart Reader v1.2.0 allows authenticated attackers to execute arbitrary commands via the web interfac...

This CVE describes a command injection vulnerability in WBSAirback's Active Directory integration that allows attackers to execute arbitrary commands ...

This CVE describes a command injection vulnerability in LG webOS TVs that allows authenticated attackers to execute arbitrary commands as the dbus use...

This CVE describes a command injection vulnerability in LG webOS TV software that allows authenticated attackers to execute arbitrary commands as root...

This vulnerability allows admin users in Foreman to bypass safe mode restrictions in templates, enabling arbitrary code execution on the underlying op...

This CVE describes an XML injection vulnerability in Magento Commerce that allows authenticated administrators to execute arbitrary code remotely. Att...

CVE-2023-3267 is an OS command injection vulnerability in CyberPower PowerPanel Enterprise that allows authenticated users to execute arbitrary comman...

This CVE describes an OS command injection vulnerability in Adobe Commerce (formerly Magento) that allows authenticated administrators to execute arbi...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on SAP ECC and S/4HANA systems with IS-OIL component....

This vulnerability allows authenticated administrators to execute arbitrary shell commands through the API in OSNexus QuantaStor storage systems. Atta...

This CVE describes a command injection vulnerability in Netgear Orbi RBR750 routers running firmware version 4.6.8.5. An authenticated attacker can se...

This CVE describes an authenticated remote command injection vulnerability in Aruba ClearPass Policy Manager. An attacker with valid credentials can e...

This CVE describes an authenticated remote command injection vulnerability in Aruba ClearPass Policy Manager. Attackers with valid credentials can exe...

This CVE describes an authenticated remote command injection vulnerability in Aruba ClearPass Policy Manager. Attackers with valid credentials can exe...

CVE-2022-25017 is a command injection vulnerability in Hitron CHITA devices that allows attackers to execute arbitrary commands on the system by injec...

This vulnerability allows authenticated high-privileged attackers with network access to the VMware Carbon Black App Control administration interface ...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with root/admin privileges on affected systems. It af...

This vulnerability allows authenticated attackers to execute arbitrary commands on affected systems by sending specially crafted HTTP requests contain...

CVE-2021-21876 allows authenticated attackers to execute arbitrary commands via specially crafted HTTP PUT requests. This vulnerability affects system...

CVE-2021-41243 is a critical vulnerability in baserCMS that combines Zip Slip and OS command injection flaws. Authenticated users with file upload per...

This vulnerability allows remote attackers to execute arbitrary commands on InHand Networks IR615 routers by injecting commands through ping tools. At...

This vulnerability allows remote attackers to execute arbitrary commands on InHand Networks IR615 routers by injecting commands through traceroute too...

This CVE describes an XML injection vulnerability in Magento Commerce that allows authenticated attackers with admin privileges to execute arbitrary c...

CVE-2021-21585 is an OS command injection vulnerability in Dell OpenManage Enterprise's RACADM and IPMI tools. Remote authenticated users with high pr...

CVE-2020-5322 is a command injection vulnerability in Dell EMC OpenManage Enterprise-Modular (OME-M) that allows remote authenticated users with high ...

This CVE describes a command injection vulnerability in QSAN Storage Manager that allows remote privileged users to execute arbitrary commands on the ...

This vulnerability allows authenticated administrators in Moodle to execute arbitrary commands on the server through the legacy spellchecker plugin. A...

CVE-2020-28490 is a command injection vulnerability in async-git npm package versions before 1.13.2. Attackers can execute arbitrary shell commands by...

CVE-2021-21018 is an OS command injection vulnerability in Magento's scheduled operation module that allows authenticated attackers with admin console...

This vulnerability allows authenticated attackers with admin console access to execute arbitrary operating system commands on Magento servers via the ...

This CVE-2020-14324 is an authenticated OS command injection vulnerability in Red Hat CloudForms that allows attackers to execute arbitrary commands o...

CVE-2026-23520 is a command injection vulnerability in Arcane's docker management platform that allows authenticated users to execute arbitrary shell ...