CWE-78: OS Command Injection

This CVE describes a template injection vulnerability in Logpoint's search template feature that uses Jinja templating. Any authenticated user with se...

An authenticated OS command injection vulnerability in LoadMaster allows any authenticated UI user to execute arbitrary operating system commands thro...

This vulnerability allows authenticated SSH users with limited access on Crestron AM-300 devices to execute arbitrary OS commands and escalate privile...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with elevated privileges on NetModule Router Software...

CVE-2023-26129 is a command injection vulnerability in the bwm-ng npm package that allows attackers to execute arbitrary system commands on the host. ...

This vulnerability allows authenticated MVISION EDR administrators to execute arbitrary PowerShell commands on client systems through the 'execute rea...

CVE-2020-7688 is an OS command injection vulnerability in the mversion npm package that allows attackers to execute arbitrary commands on the host sys...

This vulnerability allows remote attackers to execute arbitrary operating system commands on affected Linksys routers by injecting shell metacharacter...

This CVE describes an OS command injection vulnerability in Revolution Pi devices that allows authenticated attackers to execute arbitrary operating s...

This CVE describes an environment variable injection vulnerability in Litestar's GitHub Actions workflow that could allow attackers to exfiltration se...

This vulnerability in yt-dlp allows remote code execution when using the --exec option with output template expansion. Attackers can exploit insuffici...

CVE-2023-26153 is a command injection vulnerability in geokit-rails Ruby gem versions before 2.5.0. Attackers can exploit unsafe YAML deserialization ...

This vulnerability in discordrb (a Ruby Discord API library) allows command injection if user-controlled input reaches a specific method. Attackers co...

CVE-2021-28571 is a command injection vulnerability in Adobe After Effects that allows arbitrary code execution when chained with JavaScript debugging...

CVE-2021-36011 is a command injection vulnerability in Adobe Illustrator that allows arbitrary code execution when chained with a JavaScript debugging...

This CVE describes an OS command injection vulnerability in Mitsubishi Electric's GENESIS64, ICONICS Suite, and MobileHMI software. A local attacker c...

This CVE describes an OS command injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server firmware. Attackers can execute arbitra...

This CVE describes an OS command injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server firmware that allows attackers to execu...

This CVE describes an OS command injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server firmware that allows attackers to execu...

This vulnerability allows remote attackers to execute arbitrary OS commands with root privileges on Unitree robotic devices by injecting malicious cod...

This CVE describes an OS command injection vulnerability in Adobe ColdFusion that allows authenticated attackers with local access to execute arbitrar...

On Windows, Subversion's command-line argument processing can misinterpret specially crafted arguments due to character encoding issues, potentially a...

An improper input validation vulnerability in Zoom Desktop Client for Windows allows unauthorized users to escalate privileges via network access. Thi...

CVE-2022-1360 is an OS command injection vulnerability in Cambium Networks cnMaestro On-Premise that allows remote attackers to execute arbitrary comm...

This vulnerability allows authenticated attackers to execute arbitrary code on systems running vulnerable versions of Adobe Acrobat Reader DC by trick...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands with root privileges on affected Cisco Small Business VPN rou...

This vulnerability allows authenticated users with Resource Administrator or Administrator roles on affected BIG-IP systems to execute arbitrary bash ...

This vulnerability in D-Link DSL-7740C routers allows authenticated LAN users to execute arbitrary commands through improper input validation. Attacke...

This CVE describes a command injection vulnerability in Deno's node:child_process implementation that allows attackers to execute arbitrary commands o...

CVE-2025-68154 is an OS command injection vulnerability in the systeminformation library for Node.js. On Windows systems, the fsSize() function improp...

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in its GIF compression tool. Attackers can execute arbitrary system comm...

CVE-2025-58370 is a command injection vulnerability in Roo Code's Bash parameter expansion handling that allows attackers to execute arbitrary command...

This vulnerability allows command injection in Roo Code's auto-execute feature when processing crafted prompts. Attackers with access to submit prompt...

This CVE allows command injection in PHP on Windows systems with specific non-standard codepage configurations, bypassing previous CVE-2024-4577 fixes...

This CVE describes a command injection vulnerability in Zyxel firewall devices that allows unauthenticated attackers to execute operating system comma...

This vulnerability allows authenticated users who can commit files to Soft Serve Git repositories to execute arbitrary code on the server. Attackers c...

This CVE describes an OS command injection vulnerability in Grandstream GXP2135 IP phones' CWMP SelfDefinedTimeZone functionality. Attackers can send ...

This vulnerability allows attackers to execute arbitrary operating system commands on systems running vulnerable versions of openEuler migration-tools...

This vulnerability allows attackers to execute arbitrary commands on systems by exploiting improper sanitization of zip file processing. An authorized...

This CVE describes an OS command injection vulnerability in WPS Office that allows remote attackers to execute arbitrary commands on affected systems....

This CVE describes a command injection vulnerability in NextCloud Cookbook's GitHub Actions workflow. Attackers with write access to the repository ca...

This vulnerability allows authenticated attackers to execute arbitrary commands on FortiWeb web application firewalls by sending specially crafted HTT...

This CVE-2021-3059 is an OS command injection vulnerability in Palo Alto Networks PAN-OS management interface that allows man-in-the-middle attackers ...

CVE-2021-35062 is a shell command injection vulnerability in the DRK Odenwaldkreis Testerfassung COVID-19 test result system. Attackers with a valid t...

CVE-2021-23412 is a command injection vulnerability in the gitlogplus npm package that allows attackers to execute arbitrary commands on the host syst...

CVE-2021-0265 is an unauthenticated remote code execution vulnerability in Juniper Networks AppFormix Agent's REST API. Attackers can execute arbitrar...

This vulnerability allows remote attackers to execute arbitrary commands on affected Aruba Instant Access Point devices without authentication. It aff...

CVE-2020-35851 is a command injection vulnerability in HGiga MailSherlock email security appliances. Attackers can exploit improper parameter validati...

This vulnerability in the systeminformation npm package allows attackers to execute arbitrary commands on affected systems through prototype pollution...

An OS command injection vulnerability in TP-Link Archer BE230 routers allows adjacent authenticated attackers to execute arbitrary commands. This coul...