CWE-78: OS Command Injection

This OS command injection vulnerability in Nuvation Energy Multi-Stack Controller allows attackers to execute arbitrary operating system commands on a...

This OS command injection vulnerability in Nuvation Energy Multi-Stack Controller allows attackers to execute arbitrary operating system commands on a...

CVE-2025-68700 is a critical remote code execution vulnerability in RAGFlow where authenticated low-privilege users can execute arbitrary system comma...

CVE-2021-47745 is an authenticated command injection vulnerability in Cypress Solutions CTM-200 firmware that allows attackers with valid credentials ...

This vulnerability allows authenticated attackers to execute arbitrary system commands with administrative privileges in meterN energy monitoring soft...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on QNO Technology VPN Firewall devices. Attack...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on QNO Technology VPN Firewall devices. Attack...

This vulnerability allows authenticated attackers to execute arbitrary system commands on SOUND4 IMPACT/FIRST/PULSE/Eco systems through command inject...

CVE-2025-66210 is an authenticated command injection vulnerability in Coolify's Database Import functionality that allows users with application/servi...

Coolify versions before 4.0.0-beta.451 contain an authenticated command injection vulnerability in PostgreSQL initialization script filename handling....

Coolify versions before 4.0.0-beta.451 contain an authenticated command injection vulnerability in Dynamic Proxy Configuration Filename handling. User...

CVE-2025-66213 is an authenticated command injection vulnerability in Coolify's File Storage Directory Mount Path functionality. It allows users with ...

This CVE describes an authenticated command injection vulnerability in Atcom 100M IP Phones firmware that allows attackers with administrative credent...

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module. Attackers with valid session credentials can exploit the '...

CVE-2024-58287 is an authenticated command injection vulnerability in reNgine 2.2.0 that allows attackers to execute arbitrary commands on the server....

This vulnerability allows authenticated users of IBM Aspera Orchestrator to execute arbitrary commands with elevated system privileges due to improper...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows attackers to execute arbitrary commands via crafted P...

This CVE describes an OS command injection vulnerability in Ruijie RG-S1930 switches that allows attackers to execute arbitrary commands via a crafted...

This CVE describes an OS command injection vulnerability in Ruijie M18 routers that allows attackers to execute arbitrary commands on the device via a...

This CVE describes an OS command injection vulnerability in Ruijie X30-PRO routers that allows attackers to execute arbitrary commands via a crafted P...

This CVE describes an OS command injection vulnerability in Ruijie X60 PRO routers that allows attackers to execute arbitrary commands on the device. ...

This CVE describes an OS command injection vulnerability in Ruijie X60 PRO routers that allows attackers to execute arbitrary commands on the device. ...

This CVE describes an OS command injection vulnerability in Ruijie RG-EW1800GX PRO wireless access points. Attackers can execute arbitrary commands on...

This CVE describes an OS command injection vulnerability in Ruijie RG-EW1200G PRO wireless access points. Attackers can execute arbitrary commands on ...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR600W routers that allows attackers to execute arbitrary commands via crafted ...

This CVE describes an OS command injection vulnerability in Ruijie X30-PRO routers that allows attackers to execute arbitrary commands on the device v...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows attackers to execute arbitrary commands on the device...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows attackers to execute arbitrary commands via a crafted...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows attackers to execute arbitrary commands on the device...

This CVE describes an OS command injection vulnerability in Ruijie RG-YST EST devices that allows attackers to execute arbitrary commands via a crafte...

This CVE describes an OS command injection vulnerability in Ruijie RG-YST access points that allows attackers to execute arbitrary commands on the dev...

This CVE describes an OS command injection vulnerability in Ruijie X30-PRO routers that allows attackers to execute arbitrary commands on the device. ...

This vulnerability allows unprivileged local users to execute arbitrary commands with root privileges by exploiting improper input validation in the A...

This CVE describes a command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50 devices that allows attackers to execute arbitrary commands on ...

This vulnerability allows authenticated attackers to execute arbitrary commands with SYSTEM privileges on AudioCodes Fax Server and Auto-Attendant IVR...

This CVE describes an authenticated command injection vulnerability in AudioCodes Fax Server and Auto-Attendant IVR appliances. An authenticated user ...

A post-authentication command injection vulnerability in Zyxel DX3300-T0 firmware allows authenticated attackers to execute arbitrary operating system...

This vulnerability allows remote code execution in Cursor CLI Beta when a user clones a malicious GitHub repository containing a crafted .cursor/mcp.j...

This vulnerability in Cursor code editor allows attackers to execute arbitrary commands on a victim's system by tricking them into clicking a maliciou...

Nagios XI versions before 2024R2 contain an authenticated command injection vulnerability in the WinRM plugin. An authenticated administrator can inje...

Nagios XI versions before 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Authenticated administrators can inject shell comma...

This vulnerability allows authenticated attackers in Nagios XI to execute arbitrary commands on the server by injecting shell metacharacters into PDF ...

This vulnerability allows authenticated users with Core Config Manager access in Nagios XI to execute arbitrary commands on the host system by injecti...

This vulnerability allows authenticated users of Nagios XI to execute arbitrary commands on the server through the Component Download page. Attackers ...

This vulnerability allows authenticated users with access to the Auto-Discovery tool in Nagios XI to inject and execute arbitrary shell commands, pote...

The Jenkins Azure CLI Plugin vulnerability allows attackers with Item/Configure permission to execute arbitrary shell commands on the Jenkins controll...

This CVE describes a command injection vulnerability in IPFire firewall software that allows authenticated attackers to execute arbitrary commands as ...

This vulnerability allows a malicious OpenVPN server to execute arbitrary shell commands on client systems when DNS configuration updates are enabled....

This vulnerability allows authenticated users of the web management interface to execute arbitrary operating system commands on affected Omada/Tp-Link...

This CVE describes an OS command injection vulnerability in Microchip Time Provider 4100 devices that allows attackers to execute arbitrary operating ...