CWE-78: OS Command Injection

CVE-2019-14479 is a remote code execution vulnerability in AdRem NetCrunch network monitoring software. A read-only administrator account can execute ...

CVE-2020-5635 is an OS command injection vulnerability in Aterm SA3500G routers that allows attackers on the same network to execute arbitrary command...

This vulnerability allows unprivileged Windows users or SMB users to execute arbitrary commands with SYSTEM privileges on affected Citrix Virtual Apps...

This vulnerability allows authenticated users to escalate their privileges to root on Citrix SD-WAN Center appliances. Attackers with valid credential...

CVE-2020-25849 is a command injection vulnerability in MailGates and MailAudit email security products. Attackers who obtain a user's access token can...

CVE-2020-27887 is an authenticated remote code execution vulnerability in EyesOfNetwork's AutoDiscovery module. An authenticated user with sufficient ...

CVE-2020-26878 is a remote command injection vulnerability in Ruckus vRIoT software that allows authenticated attackers to execute arbitrary commands ...

CVE-2020-7752 is a command injection vulnerability in the systeminformation npm package that allows attackers to execute arbitrary operating system co...

This vulnerability allows authenticated remote attackers to execute arbitrary code as root on Microhard Bullet-LTE devices. The flaw exists in the too...

This vulnerability allows remote authenticated users to execute arbitrary commands on D-Link DAP-1360U wireless access points via command injection in...

This vulnerability allows authenticated attackers to execute arbitrary commands as root on affected Gemtek routers through the Monitor Diagnostic netw...

CVE-2020-2276 is a command injection vulnerability in Jenkins Selection tasks Plugin that allows attackers with Job/Configure permission to execute ar...

CVE-2020-2261 is an OS command injection vulnerability in Jenkins Perfecto Plugin that allows attackers with Job/Configure permission to execute arbit...

This vulnerability in Cisco Jabber for Windows allows remote attackers to execute arbitrary commands by tricking users into clicking malicious links. ...

This vulnerability allows remote attackers to execute arbitrary shell commands on affected Zyxel VMG5313-B30B routers through shell injection. Attacke...

CVE-2020-23934 is an authenticated remote code execution vulnerability in RiteCMS 2.2.1 that allows authenticated users to upload PHP web shells via t...

This CVE describes a command injection vulnerability in SABnzbd's web configuration interface that allows authenticated users to execute arbitrary Pyt...

Two OS command injection vulnerabilities in the Sophos XG Firewall User Portal allow authenticated attackers to execute arbitrary commands on the fire...

This vulnerability allows authenticated users with DKIM key management privileges to execute arbitrary system commands on Micro Focus Secure Messaging...

This vulnerability allows remote command injection in the ATOS/Sips payment module for Magento. Attackers can execute arbitrary system commands on ser...

This vulnerability allows remote command execution on MiPlatform systems by exploiting improper input validation in the ExtCommandApi.dll module. Atta...

This vulnerability allows attackers to execute arbitrary code on affected Rittal PDU and CMCIII devices through OS command injection. Organizations us...

This vulnerability allows remote authenticated attackers to execute arbitrary operating system commands on Dell EMC Data Protection Advisor systems th...

This vulnerability allows authenticated attackers with SCP/SFTP access to bypass Appliance mode restrictions on affected F5 systems using undisclosed ...

This CVE-2021-34362 is a command injection vulnerability in QNAP's Media Streaming add-on that allows remote attackers to execute arbitrary commands o...

This CVE describes an OS command injection vulnerability in Adobe Dreamweaver Desktop versions 21.6 and earlier. Attackers can execute arbitrary code ...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands by manipulating NTP configuration settings on affecte...

CVE-2025-27614 is a command injection vulnerability in Gitk that allows attackers to execute arbitrary scripts on a user's system by tricking them int...

This CVE describes a remote code execution vulnerability in Brocade Fabric OS that allows attackers to execute arbitrary code and gain root access to ...

CVE-2023-35174 is a remote code execution vulnerability in Livebook Desktop on Windows. Attackers can craft malicious livebook:// links that, when cli...

This vulnerability allows remote command injection in total.js framework versions before 3.4.7. Attackers can execute arbitrary commands on the server...

This vulnerability in Webmin's Squid module allows authenticated users with Cache Manager permissions to execute arbitrary commands on the server thro...

Cursor code editor versions below 1.3.9 allow attackers to exploit indirect prompt injection to write malicious MCP configuration files without user a...

CVE-2025-44960 is an OS command injection vulnerability in RUCKUS SmartZone (SZ) network management software. Attackers can execute arbitrary commands...

CVE-2025-49141 is an OS command injection vulnerability in HAX CMS PHP's gitImportSite functionality. Authenticated attackers can execute arbitrary co...

This vulnerability allows remote code execution through iTop's web portal frontend. Attackers can execute arbitrary commands on the server by exploiti...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on IBM Security Guardium Key Lifecycle Manager...

This CVE describes a command injection vulnerability in the systeminformation Node.js library's wifiNetworks() function. Attackers can execute arbitra...

OpenClaw personal AI assistant versions before 2026.1.20 contain a command injection vulnerability. Unauthenticated local clients can exploit the Gate...

This CVE describes an OS command injection vulnerability in Progress LoadMaster's API that allows authenticated attackers with 'User Administration' p...

This CVE describes an OS command injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK. An authenticated attacker with a...

This vulnerability allows a privileged user with known credentials to execute arbitrary commands through command injection in Dell CloudLink, potentia...

Dell CloudLink versions before 8.2 contain an OS command injection vulnerability (CWE-78) where authenticated privileged users can execute arbitrary c...

CVE-2025-0636 is an OS command injection vulnerability in EMCLI that allows attackers to execute arbitrary commands on affected systems. This high-sev...

This vulnerability allows authenticated administrators to execute arbitrary operating system commands through the web application's user management in...

An improper input validation vulnerability in the NTP server configuration field of Eaton Network-M2 cards allows authenticated high-privileged users ...

This CVE describes an OS command injection vulnerability in Adobe Commerce that allows authenticated admin users to execute arbitrary commands on the ...

This CVE describes a command injection vulnerability in the parisneo/lollms-webui application that allows remote attackers to execute arbitrary comman...

This CVE describes OS command injection vulnerabilities in GE HealthCare ultrasound devices that allow attackers to execute arbitrary commands on affe...

This CVE describes a template injection vulnerability in Logpoint's search template feature that uses Jinja templating. Any authenticated user with se...