CWE-78: OS Command Injection

CVE-2021-23412 is a command injection vulnerability in the gitlogplus npm package that allows attackers to execute arbitrary commands on the host syst...

CVE-2021-0265 is an unauthenticated remote code execution vulnerability in Juniper Networks AppFormix Agent's REST API. Attackers can execute arbitrar...

This vulnerability allows remote attackers to execute arbitrary commands on affected Aruba Instant Access Point devices without authentication. It aff...

CVE-2020-35851 is a command injection vulnerability in HGiga MailSherlock email security appliances. Attackers can exploit improper parameter validati...

This vulnerability in the systeminformation npm package allows attackers to execute arbitrary commands on affected systems through prototype pollution...

An OS command injection vulnerability in TP-Link Archer BE230 routers allows adjacent authenticated attackers to execute arbitrary commands. This coul...

An OS command injection vulnerability in TP-Link Archer BE230 routers allows adjacent authenticated attackers to execute arbitrary commands. This coul...

An authenticated OS command injection vulnerability in TP-Link Archer BE230 routers allows attackers on the same network to execute arbitrary commands...

An authenticated OS command injection vulnerability in TP-Link Archer BE230 routers allows attackers on the same network to execute arbitrary commands...

An OS command injection vulnerability in TP-Link Archer BE230 routers allows adjacent authenticated attackers to execute arbitrary commands. Successfu...

CVE-2025-9974 is an OS command injection vulnerability in the unified WEBUI application of Nokia ONT/Beacon devices. Authenticated attackers with low ...

CVE-2026-24129 is a command injection vulnerability in Runtipi that allows authenticated users to execute arbitrary system commands on the host server...

This CVE describes a command injection vulnerability in TP-Link WA850RE range extenders' httpd modules. Authenticated attackers on the same network ca...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with root privileges on TRENDnet TEW-657BRM routers. ...

This vulnerability in Red Hat Satellite's Foreman component allows authenticated users with edit_settings permissions to execute arbitrary commands on...

This CVE describes an OS command injection vulnerability in LemonLDAP::NG's Safe jail feature. Administrators with rule editing privileges can execute...

This command injection vulnerability in Tautulli allows attackers with administrative access to execute arbitrary commands on the server, potentially ...

This CVE describes an OS command injection vulnerability in Deco BE65 Pro mesh Wi-Fi systems that allows authenticated users to execute arbitrary comm...

This CVE describes an OS command injection vulnerability in D-Link DSL-3782 routers via the samba_wg and samba_nbn parameters. Attackers can execute a...

This CVE describes an OS command injection vulnerability in D-Link DSL-3782 routers via the public_type parameter. Attackers can execute arbitrary ope...

This CVE describes an OS command injection vulnerability in D-Link DSL-3782 routers that allows attackers to execute arbitrary operating system comman...

This vulnerability allows remote attackers to execute arbitrary code on TP-Link TL-WPA8630 powerline adapters via command injection in the 'devpwd' pa...

An authenticated remote code execution vulnerability in TP-Link Archer routers allows attackers with network access to execute arbitrary commands on a...

This vulnerability allows remote attackers to execute arbitrary operating system commands on EnGenius EWS356-FIR wireless access points via the Contro...

This CVE describes an OS command injection vulnerability in AIPHONE IX SYSTEM and IXG SYSTEM intercom systems. An authenticated attacker on the same n...

This CVE describes a command injection vulnerability in Trend Micro Deep Security 20 Agent's manual scan feature. Attackers with local access or domai...

This CVE describes an OS command injection vulnerability in the RP562B Mesh Wi-Fi router firmware. Network-adjacent authenticated attackers can execut...

This CVE describes a command injection vulnerability in Netgear XR300 routers that allows attackers to execute arbitrary operating system commands by ...

This CVE describes a command injection vulnerability in Netgear R8500 routers that allows attackers to execute arbitrary operating system commands by ...

This CVE describes a command injection vulnerability in specific Netgear router models that allows attackers to execute arbitrary operating system com...

This vulnerability allows attackers to execute arbitrary operating system commands on Netgear R8500 routers by sending specially crafted requests to t...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Netgear XR300 routers by sending specially crafted reques...

This CVE describes a command injection vulnerability in specific Netgear router models that allows attackers to execute arbitrary operating system com...

This vulnerability allows attackers to execute arbitrary operating system commands on Netgear R8500 routers by sending specially crafted requests to t...

DrayTek Vigor3900 routers running firmware version 1.5.1.3 contain a post-authentication command injection vulnerability in the OpenVPN configuration ...

DrayTek Vigor3900 routers version 1.5.1.3 contain a post-authentication command injection vulnerability in the mainfunction.cgi endpoint. Attackers wi...

DrayTek Vigor3900 firmware version 1.5.1.3 contains a post-authentication command injection vulnerability in the delete_wlan_profile function. An atta...

DrayTek Vigor3900 firmware version 1.5.1.3 contains a post-authentication command injection vulnerability in the mainfunction.cgi endpoint. An attacke...

This vulnerability allows remote attackers to execute arbitrary commands on Draytek Vigor3900 routers by injecting malicious commands into the mainfun...

This vulnerability allows remote attackers to execute arbitrary commands on Draytek Vigor3900 routers by injecting malicious commands into the mainfun...

This vulnerability allows authenticated attackers to execute arbitrary commands on DrayTek Vigor2960 routers by injecting malicious commands into the ...

This vulnerability allows remote attackers to execute arbitrary operating system commands on affected D-Link routers via command injection in the MacA...

This CVE describes multiple command injection vulnerabilities in D-Link DIR-882 and DIR-878 routers that allow attackers to execute arbitrary operatin...

This CVE describes a command injection vulnerability in D-Link DIR-882 and DIR-878 routers that allows attackers to execute arbitrary operating system...

This CVE describes a command injection vulnerability in D-Link DIR-882 and DIR-878 routers that allows attackers to execute arbitrary operating system...

This CVE describes a command injection vulnerability in specific D-Link router models that allows attackers to execute arbitrary operating system comm...

This vulnerability allows remote attackers to execute arbitrary code on TP-LINK TL-WDR5620 v2.3 routers via the httpProcDataSrv function. Attackers ca...

Syrotech SY-GOPON-8OLT-L3 version 1.6.0_240629 contains an authenticated command injection vulnerability (CWE-78) that allows attackers with valid cre...

This CVE describes a command injection vulnerability in Magnet Forensics AXIOM's Android device image acquisition functionality. Network-adjacent atta...

This CVE describes a command injection vulnerability in Comtrend routers that allows authenticated users to execute arbitrary commands on the device b...