CWE-78: OS Command Injection

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on FortiWAN devices by injecting malicious arguments ...

This vulnerability allows authenticated users of Sierra Wireless ALEOS Acemanager to manipulate IP logging operations to execute arbitrary shell comma...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-846 routers via a crafted POST request to the lan(0)_dhcps_stat...

This CVE describes a command injection vulnerability in D-Link DSL-3782 routers that allows attackers to execute arbitrary commands on the device. The...

This CVE describes an OS command injection vulnerability in Hestia Control Panel that allows authenticated attackers to execute arbitrary commands on ...

This CVE describes a command injection vulnerability in Digital Watchdog DW MEGApix IP cameras that allows attackers to execute arbitrary commands on ...

This CVE describes a command injection vulnerability in Digital Watchdog DW MEGApix IP cameras that allows attackers to execute arbitrary commands on ...

CVE-2022-26481 is an authenticated command injection vulnerability in Poly Studio video conferencing systems. Attackers with administrative access can...

This CVE describes an OS command injection vulnerability in Schneider Electric's SpaceLogic C-Bus Home Controller (formerly C-Bus Wiser Homer Controll...

CVE-2022-31138 is an OS command injection vulnerability in mailcow mailserver suite that allows authenticated users to execute arbitrary code by manip...

CVE-2022-25048 is a command injection vulnerability in CentOS Web Panel (CWP) that allows authenticated users to execute arbitrary commands with root ...

ZeroShell 3.9.5 contains a command injection vulnerability in the /cgi-bin/kerbynet IP parameter that allows authenticated attackers to execute arbitr...

This vulnerability allows authenticated attackers to execute arbitrary shell commands on HID Mercury Intelligent Controllers by sending specially craf...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda HG6 routers by injecting malicious commands into the pingAddr and tr...

This CVE describes an OS command injection vulnerability in the gitsome npm package that allows attackers to execute arbitrary commands on the system ...

CVE-2022-31245 is an OS command injection vulnerability in mailcow email server software that allows authenticated users to execute arbitrary commands...

This vulnerability allows an attacker with user-level CLI access to inject root-level commands via the rconfig 'date' parameter in Fidelis Network and...

This vulnerability allows authenticated attackers with CLI user-level access to execute arbitrary commands on Fidelis Network and Deception components...

This vulnerability allows authenticated attackers to execute arbitrary system commands on Fidelis Network and Deception CommandPost through command in...

This vulnerability allows authenticated attackers to execute arbitrary system commands on Fidelis Network and Deception CommandPost servers through co...

CVE-2022-26518 is an OS command injection vulnerability in InHand Networks InRouter302's console infactory_net functionality that allows remote attack...

This vulnerability allows authenticated DataCollection users in USU Oracle Optimization software to execute arbitrary OS commands with root privileges...

This vulnerability allows authenticated attackers to execute arbitrary system commands on D-Link DIR-825 G1 routers through the 'webupg' binary due to...

The Dr Trust USA iCheck Connect BP Monitor version 1.2.1 accepts plain text commands over Bluetooth Low Energy (BLE) without authentication or encrypt...

This vulnerability allows an attacker on the same network segment to execute arbitrary operating system commands on Netcommunity OG410X and OG810X ser...

CVE-2022-27945 is a command injection vulnerability in NETGEAR R8500 routers that allows authenticated remote attackers to execute arbitrary commands ...

This vulnerability allows remote authenticated attackers to execute arbitrary commands on NETGEAR R8500 routers by injecting shell metacharacters into...

This vulnerability allows command injection in Okta Advanced Server Access Client for Linux and macOS. An attacker with knowledge of a valid team name...

CVE-2022-24237 is a command injection vulnerability in Snapt Aria's snaptPowered2 component that allows authenticated attackers to execute arbitrary c...

This vulnerability allows remote authenticated attackers to execute arbitrary operating system commands with root privileges on TP-Link Archer C20i ro...

This vulnerability allows authenticated users of Apache Airflow's web UI to execute arbitrary operating system commands through improperly sanitized p...

This vulnerability allows authenticated remote attackers to execute arbitrary commands with root privileges on Cisco NX-OS devices by sending crafted ...

This vulnerability in Jenkins Pipeline: Groovy Plugin allows attackers with Item/Configure permission to execute arbitrary operating system commands o...

This vulnerability in Jenkins Pipeline: Multibranch Plugin allows attackers with Item/Configure permission to execute arbitrary operating system comma...

This OS command injection vulnerability in Fortinet FortiWeb allows attackers to execute arbitrary commands on affected devices via specially crafted ...

CVE-2021-32849 is an authenticated remote code execution vulnerability in Gerapy, a distributed crawler management framework. Authenticated users can ...

This CVE describes a command injection vulnerability in Trendnet AC2600 routers that allows attackers to execute arbitrary commands as root by injecti...

This vulnerability allows attackers to execute arbitrary operating system commands on TP-Link TL-WR802N V4(JP) routers. Attackers can potentially gain...

This CVE describes an OS command injection vulnerability in Laravel's Filesystem.php link function. It allows attackers to execute arbitrary operating...

An unauthenticated command injection vulnerability in Gryphon Tower routers allows attackers on the same network to execute arbitrary commands as root...

An unauthenticated command injection vulnerability in Gryphon Tower routers allows attackers on the same network to execute arbitrary commands as root...

An unauthenticated command injection vulnerability in Gryphon Tower routers allows attackers on the same network to execute arbitrary commands as root...

An unauthenticated command injection vulnerability in Gryphon Tower routers allows attackers on the same network to execute arbitrary commands as root...

A post-authentication remote command injection vulnerability in SonicWall SMA100 appliances allows authenticated attackers to execute arbitrary operat...

This CVE describes a command injection vulnerability in Victure WR1200 routers that allows authenticated attackers to execute arbitrary shell commands...

CVE-2020-7879 is an OS command injection vulnerability in ipTIME C200 IP cameras when synchronized with ipTIME NAS devices. Attackers can execute arbi...

This vulnerability allows attackers to execute arbitrary operating system commands on Fortinet FortiWLM systems by sending specially crafted HTTP requ...

This vulnerability allows users with Author roles in WordPress to execute arbitrary operating system commands on the server via OS command injection i...

This vulnerability allows authenticated attackers with console access to execute arbitrary operating system commands through improper input sanitizati...

This vulnerability allows authenticated attackers to execute arbitrary commands on BIG-IP systems through the Configuration utility. It affects multip...