CWE-78: OS Command Injection

This OS command injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server allows attackers to execute arbitrary operating system c...

This vulnerability allows authenticated users to execute arbitrary operating system commands by injecting malicious input into an IP address field in ...

This OS command injection vulnerability in Honeywell MB-Secure allows attackers to execute arbitrary commands on affected systems, potentially leading...

An OS command injection vulnerability in Vinci Protocol Analyzer allows attackers to execute arbitrary commands on affected systems, potentially leadi...

This vulnerability allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges on Cisco IND devices by exploiting impro...

This vulnerability allows authenticated attackers with at least Security Analyst (Read Only) privileges to execute arbitrary commands as root on Cisco...

This vulnerability allows remote authenticated users with upload permissions to execute arbitrary operating system commands on rejetto HFS servers. Th...

CVE-2023-35893 is a critical command injection vulnerability in IBM Security Guardium that allows authenticated remote attackers to execute arbitrary ...

This CVE allows remote authenticated users to execute arbitrary operating system commands on Synology Mail Station servers through OS command injectio...

This CVE describes an OS command injection vulnerability in Lantronix PremierWave 2050's Web Manager Wireless Network Scanner. Authenticated attackers...

This CVE allows authenticated attackers to execute arbitrary operating system commands on Lantronix PremierWave 2050 devices through the Web Manager D...

This CVE describes an OS command injection vulnerability in Lantronix PremierWave 2050's Web Manager Diagnostics Traceroute functionality. An authenti...

CVE-2021-23031 is an authenticated privilege escalation vulnerability in F5 BIG-IP Advanced WAF and ASM Configuration utility. An authenticated user c...

CVE-2020-17363 is a remote code execution vulnerability in USVN (User-friendly SVN) that allows attackers to execute arbitrary commands on the server ...

CVE-2026-29058 is a critical remote code execution vulnerability in AVideo video-sharing platform where unauthenticated attackers can execute arbitrar...

A remote command injection vulnerability in Zyxel EX3510-B0 devices allows attackers to execute arbitrary operating system commands by sending special...

CVE-2019-25441 is a critical command injection vulnerability in thesystem 1.0 that allows unauthenticated attackers to execute arbitrary system comman...

An unauthenticated remote code execution vulnerability exists in Smanga 3.2.7 where the /php/path/rescan.php interface fails to sanitize the mediaId p...

RustFly 2.0.0 contains a critical command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP po...

CVE-2025-15559 is an unauthenticated OS command injection vulnerability in NesterSoft WorkTime server's client generation API. Attackers can execute a...

CVE-2025-65791 is a critical command injection vulnerability in ZoneMinder's image.php component that allows attackers to execute arbitrary commands o...

BeyondTrust Remote Support and older Privileged Remote Access versions contain a critical pre-authentication remote code execution vulnerability. Unau...

This vulnerability allows attackers to modify files in the .git directory of Gogs installations, potentially leading to remote command execution. It a...

CVE-2020-37125 is a critical remote code execution vulnerability in Edimax EW-7438RPn-v3 Mini range extenders that allows unauthenticated attackers to...

CVE-2025-51958 is a critical remote code execution vulnerability in the aelsantex runcommand plugin for DokuWiki. Unauthenticated attackers can execut...

CVE-2026-0787 is a command injection vulnerability in ALGO 8180 IP Audio Alerter devices that allows unauthenticated remote attackers to execute arbit...

This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerable versions of gemini-mcp-tool without authenticat...

This is a critical command injection vulnerability in github-kanban-mcp-server that allows unauthenticated remote attackers to execute arbitrary syste...

This vulnerability allows remote attackers to execute arbitrary commands on systems running Katana Network Development Starter Kit without authenticat...

This is a critical command injection vulnerability in Ollama MCP Server that allows remote attackers to execute arbitrary system commands without auth...

This vulnerability allows remote attackers to execute arbitrary code on Framelink Figma MCP Server installations without authentication. Attackers can...

This vulnerability in Apryse HTML2PDF SDK allows attackers to execute arbitrary operating system commands on servers using the InsertFromURL() functio...

Mini Mouse 9.2.0 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands via crafted HTTP ...

CVE-2021-47748 is a critical remote code execution vulnerability in Hasura GraphQL Engine that allows attackers to execute arbitrary shell commands on...

This vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands on NOAA PMEL Live Access Server (LAS) insta...

CVE-2023-54339 is a remote command execution vulnerability in Webgrind 1.1 that allows unauthenticated attackers to inject and execute arbitrary OS co...

CVE-2022-50919 is an unauthenticated remote code execution vulnerability in Tdarr's Help terminal that allows attackers to inject arbitrary commands. ...

This CVE describes an OS command injection vulnerability in Fortinet FortiSIEM that allows attackers to execute arbitrary commands via crafted TCP req...

TinyWeb HTTP Server versions before 1.98 are vulnerable to unauthenticated remote command injection via CGI ISINDEX-style query parameters. Attackers ...

This OS command injection vulnerability in Broadcom DX NetOps Spectrum allows attackers to execute arbitrary operating system commands on affected sys...

This vulnerability allows unauthenticated attackers to execute arbitrary system commands on SOUND4 IMPACT/FIRST/PULSE/Eco systems by injecting shell c...

CVE-2022-50691 is a critical remote command execution vulnerability in MiniDVBLinux 5.4 that allows unauthenticated attackers to execute arbitrary com...

This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on IceWarp servers by injecting malicious co...

CVE-2023-53963 is an unauthenticated remote command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x systems. Attackers can execute arbit...

EasyPHP Webserver 14.1 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary system command...

Typora 1.7.4 contains a command injection vulnerability in PDF export preferences that allows attackers to execute arbitrary system commands. Attacker...

This vulnerability allows remote attackers to execute arbitrary shell commands on Selea Targa IP OCR-ANPR cameras without authentication. Attackers ca...

This vulnerability in openmptcprouter allows attackers to write arbitrary files or execute arbitrary commands via improper neutralization of special e...

CVE-2025-66576 is a critical remote code execution vulnerability in Remote Keyboard Desktop 1.0.1 that allows unauthenticated attackers to execute arb...

This vulnerability allows remote attackers to execute arbitrary operating system commands on ALLNET ALL-RUT22GW industrial LTE cellular routers via th...