CWE-78: OS Command Injection

This vulnerability allows a malicious OpenVPN server to execute arbitrary shell commands on client systems when DNS configuration updates are enabled....

This vulnerability allows authenticated users of the web management interface to execute arbitrary operating system commands on affected Omada/Tp-Link...

This CVE describes an OS command injection vulnerability in Microchip Time Provider 4100 devices that allows attackers to execute arbitrary operating ...

This CVE describes an OS command injection vulnerability in the Curo UC300 admin panel where local attackers can execute arbitrary operating system co...

This CVE describes OS command injection vulnerabilities in Planet WGR-500 routers that allow remote attackers to execute arbitrary commands via specia...

This CVE describes OS command injection vulnerabilities in Planet WGR-500 routers that allow remote attackers to execute arbitrary commands via specia...

This CVE describes OS command injection vulnerabilities in Planet WGR-500 routers that allow remote attackers to execute arbitrary commands via specia...

This CVE describes an OS command injection vulnerability in N-Partner's N-Reporter, N-Cloud, and N-Probe products. Authenticated remote attackers can ...

CVE-2025-55211 allows authenticated FreePBX administrators to execute arbitrary shell commands by manipulating language settings in the framework modu...

This CVE describes an OS command injection vulnerability in 1panel's SSH operation function that allows attackers to execute arbitrary commands on the...

This vulnerability allows authenticated users to execute arbitrary shell commands on Cacti servers through improper input handling in the graph_view.p...

CVE-2025-8748 is a command injection vulnerability in MiR robot software that allows authenticated users to execute arbitrary operating system command...

This CVE describes an authenticated OS command injection vulnerability in multiple D-Link router models that allows attackers with valid credentials t...

An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows attackers with valid credentials to execut...

An authenticated remote attacker can execute arbitrary operating system commands with root privileges on affected devices by exploiting improper input...

CVE-2025-53376 is a command injection vulnerability in Dokploy that allows authenticated low-privileged users to execute arbitrary operating system co...

This vulnerability allows authenticated users in Pandora FMS to execute arbitrary operating system commands through the net_tools.php functionality. A...

This vulnerability allows authenticated users with node group editing permissions in Puppet Enterprise to execute arbitrary commands as root on the pr...

This vulnerability allows remote authenticated attackers to execute arbitrary operating system commands on affected WRC-X3000 series routers through t...

This CVE describes an OS command injection vulnerability in Blue Angel Software Suite's web interface that allows authenticated attackers to execute a...

An authenticated OS command injection vulnerability in Edimax EW-7438RPn firmware allows attackers to execute arbitrary commands as root via the mp.as...

This vulnerability in File::Find::Rule Perl module allows arbitrary command execution when processing malicious filenames. Attackers can execute syste...

This vulnerability allows attackers on the same network to execute arbitrary commands on eCharge Hardy Barth cPH2 charging stations without authentica...

This vulnerability allows network-adjacent attackers to execute arbitrary commands on eCharge Hardy Barth cPH2 charging stations without authenticatio...

A remote authenticated attacker with low privileges can execute arbitrary operating system commands as root on affected ctrlX OS systems via crafted H...

This CVE describes an OS command injection vulnerability in the WEB UI setting page of Wi-Fi AP UNIT 'AC-WPS-11ac series' devices. If exploited, a rem...

Xorcom CompletePBX versions up to 5.2.35 contain an authenticated command injection vulnerability in the administrator Task Scheduler functionality. A...

This vulnerability in Cisco IOS XR Software allows an authenticated, low-privileged local attacker to execute arbitrary commands as root on the underl...

This vulnerability allows authenticated attackers with read-only admin permissions and CLI access to execute arbitrary operating system commands on Fo...

This CVE describes an OS command injection vulnerability in Fortinet FortiSandbox that allows authenticated users with read-only permissions to execut...

A command injection vulnerability in Emacs allows remote attackers to execute arbitrary shell commands on vulnerable systems by tricking users into vi...

This command injection vulnerability in F5 BIG-IP's iControl REST API and tmsh save command allows authenticated attackers to execute arbitrary system...

This is a post-authentication command injection vulnerability in Zyxel VMG4325-B10A DSL CPE devices that allows authenticated attackers to execute arb...

This is a post-authentication command injection vulnerability in Zyxel VMG4325-B10A DSL CPE devices. An authenticated attacker can execute arbitrary o...

The Linksys E8450 router firmware contains a command injection vulnerability in the email check functionality that allows authenticated attackers to e...

CVE-2025-0457 is an OS command injection vulnerability in NetVision Information's airPASS product that allows authenticated users with regular privile...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands t...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious payloads i...

This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where attackers can execute arbitrary commands via the 'switch' pa...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands t...

This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where attackers can execute arbitrary commands via the 'hour' para...

This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where an attacker can execute arbitrary commands via the 'user' pa...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands t...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands t...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands t...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands t...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands t...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands i...

This CVE-2024-27778 is an OS command injection vulnerability in Fortinet FortiSandbox that allows authenticated attackers with read-only permissions t...

Authenticated command injection in Iocharger AC charging station firmware allows attackers with low-privilege accounts to execute arbitrary commands a...