CWE-78: OS Command Injection

This vulnerability allows authenticated attackers to execute arbitrary commands on BIG-IP systems through the Configuration utility. It affects multip...

CVE-2021-37531 is an XSLT injection vulnerability in SAP NetWeaver Knowledge Management XML Forms that allows authenticated non-administrative users t...

This vulnerability allows attackers to execute arbitrary commands on Fortinet FortiWeb web application firewalls by sending specially crafted HTTP req...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on affected MOXA devices via the /forms/web_importTFT...

This vulnerability allows authenticated attackers to execute arbitrary commands on affected Altus networking devices via parameter injection in the ge...

This vulnerability allows attackers to inject malicious HTML/JavaScript into podcast feeds, which Poddycast renders without sanitization. As an Electr...

This vulnerability allows an unauthenticated attacker on the same network to execute arbitrary operating system commands on affected ELECOM wireless r...

This vulnerability allows remote authenticated attackers to execute arbitrary operating system commands with root privileges on affected Hitachi and N...

This vulnerability allows authenticated low-privilege users to execute arbitrary commands on Weidmueller Industrial WLAN devices by uploading a specia...

This vulnerability allows authenticated low-privilege users to execute arbitrary commands on Weidmueller Industrial WLAN devices through command injec...

CVE-2021-31769 allows unprivileged users to execute arbitrary operating system commands on MyQ X Smart servers. This occurs due to an authorization by...

This vulnerability allows authenticated remote attackers to execute arbitrary commands on Enphase Envoy solar energy monitoring devices via the force ...

This vulnerability allows remote attackers to execute arbitrary operating system commands with root privileges on affected Buffalo WSR-1166DHP3 and WS...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on BigTree CMS servers through the 'Create a New Sett...

This vulnerability allows authenticated remote attackers to execute arbitrary commands on Cisco Prime Infrastructure and EPN Manager systems via craft...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on affected NETGEAR smart switches by injecting mal...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Hongdian H8922 devices by injecting shell metacharacters ...

This vulnerability allows authenticated attackers with default credentials to execute arbitrary operating system commands as root on iWT Ltd FaceSentr...

CVE-2020-21992 allows authenticated attackers to execute arbitrary OS commands with root privileges on Inim Electronics SmartLiving SmartLAN/G/SI devi...

CVE-2021-29147 is a remote command execution vulnerability in Aruba ClearPass Policy Manager that allows attackers to execute arbitrary commands on af...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Aruba AirWave Management Platform systems without authent...

This CVE describes an OS command injection vulnerability in Unibox network devices that allows attackers to execute arbitrary commands on the system. ...

This vulnerability allows remote attackers to execute arbitrary commands on affected Aruba Instant Access Points (IAPs) by exploiting improper neutral...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on NETGEAR ProSAFE Network Management System i...

This vulnerability allows remote attackers to execute arbitrary code and retrieve admin credentials on Askey Fiber Router RTF3505VW-N1 devices. Attack...

This CVE describes a post-authentication command injection vulnerability in SonicWall SMA100 appliances. An authenticated attacker can execute arbitra...

CVE-2020-27575 is a command injection vulnerability in Maxum Rumpus web administration that allows authenticated administrators to execute arbitrary c...

CVE-2021-20074 allows authenticated users to escape the command line interface in Racom's MIDGE Firmware and execute arbitrary operating system comman...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Nagios XI servers through improper input sanitizat...

This vulnerability allows remote authenticated attackers to execute arbitrary system commands with root privileges on Belkin Linksys WRT160NL routers....

This vulnerability allows authenticated remote attackers to escape the restricted administration shell CLI on UCOPIA Wi-Fi appliances and gain full ad...

CVE-2020-5626 allows remote attackers to execute arbitrary operating system commands by uploading a specially crafted log file to Logstorage or ELC An...

CVE-2021-3317 is an authenticated command injection vulnerability in KLog Server that allows attackers with valid credentials to execute arbitrary com...

This vulnerability allows authenticated users to execute arbitrary commands as root on TP-Link TL-WR841N V13 (JP) routers via the traceroute feature. ...

This vulnerability allows remote attackers to execute arbitrary commands on Yale WIPC-303W IP cameras through command injection in the HTTP API. Attac...

This CVE describes an OS command injection vulnerability in FortiDeceptor that allows remote authenticated attackers to execute arbitrary commands on ...

This vulnerability allows remote authenticated users to execute arbitrary commands on Belkin LINKSYS RE6500 devices via the web interface. Attackers c...

This vulnerability allows authenticated users with Package Updates module access in Webmin to execute arbitrary commands with root privileges by injec...

CVE-2019-14479 is a remote code execution vulnerability in AdRem NetCrunch network monitoring software. A read-only administrator account can execute ...

CVE-2020-5635 is an OS command injection vulnerability in Aterm SA3500G routers that allows attackers on the same network to execute arbitrary command...

This vulnerability allows unprivileged Windows users or SMB users to execute arbitrary commands with SYSTEM privileges on affected Citrix Virtual Apps...

This vulnerability allows authenticated users to escalate their privileges to root on Citrix SD-WAN Center appliances. Attackers with valid credential...

CVE-2020-25849 is a command injection vulnerability in MailGates and MailAudit email security products. Attackers who obtain a user's access token can...

CVE-2020-27887 is an authenticated remote code execution vulnerability in EyesOfNetwork's AutoDiscovery module. An authenticated user with sufficient ...

CVE-2020-26878 is a remote command injection vulnerability in Ruckus vRIoT software that allows authenticated attackers to execute arbitrary commands ...

CVE-2020-7752 is a command injection vulnerability in the systeminformation npm package that allows attackers to execute arbitrary operating system co...

This vulnerability allows authenticated remote attackers to execute arbitrary code as root on Microhard Bullet-LTE devices. The flaw exists in the too...

This vulnerability allows remote authenticated users to execute arbitrary commands on D-Link DAP-1360U wireless access points via command injection in...

This vulnerability allows authenticated attackers to execute arbitrary commands as root on affected Gemtek routers through the Monitor Diagnostic netw...

CVE-2020-2276 is a command injection vulnerability in Jenkins Selection tasks Plugin that allows attackers with Job/Configure permission to execute ar...