CWE-78: OS Command Injection
The product constructs all or part of an OS command using externally-influenced input, but does not neutralize special elements that could modify the intended OS command.
All OS Command Injection CVEs (1,854)
This CVE describes a command injection vulnerability in Magnet Forensics AXIOM's Android device image acquisition functionality. Network-adjacent atta...
Aug 21, 2024

This CVE describes a command injection vulnerability in Comtrend routers that allows authenticated users to execute arbitrary commands on the device b...
Jun 10, 2024

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on D-Link DIR-X3260 routers by exploiting a command injection f...
May 3, 2024

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on D-Link DIR-X3260 routers by exploiting command injection in ...
May 3, 2024

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on D-Link DIR-X3260 routers by exploiting a command injection f...
May 3, 2024

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on D-Link DIR-X3260 routers by exploiting command injection in ...
May 3, 2024

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on D-Link DIR-2150 routers by exploiting a command injection fl...
May 3, 2024

This vulnerability allows network-adjacent attackers to execute arbitrary commands with root privileges on D-Link DIR-2150 routers by exploiting a com...
May 3, 2024

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on D-Link DIR-2150 routers by exploiting command injection in t...
May 3, 2024

This vulnerability allows network-adjacent attackers with authentication to execute arbitrary commands as root on TP-Link Omada ER605 routers. The iss...
Apr 3, 2024

This CVE describes a command injection vulnerability in Tenda AC15 routers where an attacker can execute arbitrary commands via the deviceName paramet...
Mar 29, 2024

An OS command injection vulnerability in legacy QNAP VioStor NVR models allows authenticated users to execute arbitrary commands on the system via net...
Dec 8, 2023

This CVE describes an OS command injection vulnerability in specific ELECOM wireless router models. An authenticated attacker on the same network can ...
Nov 16, 2023

This vulnerability allows an authenticated attacker on the same network to execute arbitrary operating system commands on affected Archer AX6000 route...
Sep 6, 2023

This vulnerability allows an authenticated attacker on the same network to execute arbitrary operating system commands on affected TP-Link Archer rout...
Sep 6, 2023

This vulnerability allows a network-adjacent authenticated attacker to execute arbitrary operating system commands on Deco M4 mesh Wi-Fi systems. Atta...
Sep 6, 2023

This CVE describes a command injection vulnerability in Zyxel firewall and WLAN controller products that allows LAN-based attackers to execute arbitra...
Jul 17, 2023

This CVE describes an OS command injection vulnerability in ELECOM wireless LAN routers that allows authenticated attackers on the same network to exe...
Jul 13, 2023

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on TP-Link TL-WR841N routers by bypassing authentication and ex...
Mar 29, 2023

This critical vulnerability allows remote attackers to execute arbitrary operating system commands on affected WAVLINK routers by manipulating the 'ke...
Jul 20, 2022

This CVE-2022-2488 is a critical OS command injection vulnerability in WAVLINK WN535K2 and WN535K3 routers. Attackers can execute arbitrary commands o...
Jul 20, 2022

This CVE describes an authenticated command injection vulnerability in Lenovo Personal Cloud Storage devices that allows authenticated users to execut...
May 18, 2022

This vulnerability allows an authenticated attacker on the same network to execute arbitrary operating system commands on affected ELECOM LAN routers....
Dec 1, 2021

This CVE describes an OS command injection vulnerability in multiple ELECOM router models that allows authenticated attackers on the same network to e...
Dec 1, 2021

CVE-2020-22000 allows authenticated attackers to execute arbitrary operating system commands on HomeAutomation systems through a vulnerable plugin. Co...
Apr 27, 2021

This vulnerability allows authenticated attackers to execute arbitrary commands on D-Link DIR-841 routers via the /jsonrpc endpoint. Attackers can inj...
Mar 11, 2021

This vulnerability allows authenticated users to execute arbitrary operating system commands on D-Link DSL-2888A routers via a hidden execute_cmd.cgi ...
Dec 22, 2020

CVE-2020-26217 is a remote code execution vulnerability in XStream that allows attackers to execute arbitrary shell commands by manipulating processed...
Nov 16, 2020

This vulnerability allows network-adjacent attackers to bypass authentication and execute arbitrary code on D-Link DAP-1860 WiFi extenders via the HNA...
Jul 23, 2020

This vulnerability allows attackers to execute arbitrary shell commands in melange pipelines when they can provide build input values. The issue occur...
Feb 4, 2026

This CVE describes an OS command injection vulnerability in Adobe ColdFusion that allows authenticated high-privileged attackers to execute arbitrary ...
Jul 8, 2025

CVE-2026-25546 is a command injection vulnerability in godot-mcp that allows remote code execution. Attackers can inject shell metacharacters through ...
Feb 4, 2026

This vulnerability allows attackers to execute arbitrary shell commands on the build host by injecting shell metacharacters into melange's patch pipel...
Feb 4, 2026

This vulnerability in Brocade Fabric OS allows authenticated local attackers with Bash shell access to read insecurely stored file contents, including...
Feb 3, 2026

This OS command injection vulnerability in Dell UnityVSA allows low-privileged local attackers to execute arbitrary commands with root privileges. It ...
Jan 30, 2026

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitr...
Jan 30, 2026

A local OS command injection vulnerability in the com.sprd.engineermode component on Doogee Note59 series devices allows attackers with ADB shell acce...
Jan 23, 2026

This is a command injection vulnerability in the mcp-server-siri-shortcuts software that allows local attackers to escalate privileges. Attackers with...
Jan 23, 2026

This CVE describes a command injection vulnerability in NVIDIA NSIGHT Graphics for Linux that allows attackers to execute arbitrary commands. Successf...
Jan 14, 2026

This vulnerability allows attackers to execute arbitrary commands on systems running vulnerable versions of Kiro IDE by tricking users into opening ma...
Jan 9, 2026

CVE-2022-50795 is a conditional command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems up to version 2.x. Unauthenticated attackers ...
Dec 30, 2025

This is a command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems up to version 2.x. Local authenticated users can create malicious f...
Dec 30, 2025

This vulnerability allows unauthenticated attackers to execute arbitrary commands on SOUND4 IMPACT/FIRST/PULSE/Eco systems by sending a single HTTP PO...
Dec 30, 2025

This CVE describes an OS command injection vulnerability in Ruijie X60 PRO routers that allows attackers to execute arbitrary commands on the device. ...
Dec 11, 2025

A local privilege escalation vulnerability in Windscribe VPN for Linux allows users in the windscribe group to execute arbitrary commands as root via ...
Dec 10, 2025

This is a command injection vulnerability in evernote-mcp-server's openBrowser function that allows local attackers with initial low-privilege access ...
Nov 6, 2025

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitr...
Oct 30, 2025

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitr...
Oct 30, 2025

CVE-2025-62801 is a command injection vulnerability in FastMCP that allows attackers to execute arbitrary operating system commands on Windows hosts b...
Oct 28, 2025

This vulnerability allows local low-privileged attackers to execute arbitrary operating system commands on Dell PowerProtect Data Manager Hyper-V syst...
Sep 10, 2025

About OS Command Injection (CWE-78)
Our database tracks 1,854 CVEs classified as CWE-78, with 740 rated critical and 944 rated high severity. The average CVSS score for OS Command Injection vulnerabilities is 8.6.
External reference: View CWE-78 on MITRE CWE →