CWE-78: OS Command Injection

The product constructs all or part of an OS command using externally-influenced input, but does not neutralize special elements that could modify the intended OS command.

Total CVEs: 1,855
Critical: 741
High: 944
Avg CVSS: 8.6
In CISA KEV: 11

Yearly Trend

2026: 147
2025: 465
2024: 405
2023: 253
2022: 163

Top Affected Vendors

1. D-Link: 98 CVEs
2. Totolink: 85 CVEs
3. Dell: 59 CVEs
4. Fortinet: 58 CVEs
5. TP-Link: 38 CVEs
6. Zyxel: 35 CVEs
7. Cisco: 32 CVEs
8. Ruijie: 30 CVEs
9. Aruba Networks: 27 CVEs
10. IBM: 26 CVEs

All OS Command Injection CVEs (1,855)

CVE-2023-2091
7.8

This critical vulnerability in KylinSoft youker-assistant on KylinOS allows local attackers to execute arbitrary operating system commands through com...

Apr 15, 2023
CVE-2022-40679
7.8

CVE-2022-40679 is an OS command injection vulnerability in multiple Fortinet products that allows authenticated attackers to execute arbitrary co...

Apr 11, 2023
CVE-2023-28617
7.8

This vulnerability allows attackers to execute arbitrary commands on systems running vulnerable versions of Org Mode for GNU Emacs. Attackers can expl...

Mar 19, 2023
CVE-2023-27985
7.8

This vulnerability in Emacs allows attackers to execute arbitrary shell commands through a malicious mailto: URI when using emacsclient-mail.desktop. ...

Mar 9, 2023
CVE-2022-27482
7.8

This CVE describes an OS command injection vulnerability in Fortinet FortiADC that allows authenticated attackers to execute arbitrary shell commands ...

Feb 16, 2023
CVE-2022-22454
7.8

CVE-2022-22454 is an OS command injection vulnerability in IBM InfoSphere Information Server that allows authenticated local attackers to execute arbi...

May 10, 2022
CVE-2022-1262
7.8

CVE-2022-1262 is a command injection vulnerability in the protest binary that allows authenticated attackers with CLI access to execute arbitrary comm...

Apr 11, 2022
CVE-2022-22301
7.8

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on FortiAP-C devices by injecting malicious arguments...

Mar 2, 2022
CVE-2022-22945
7.8

CVE-2022-22945 is a CLI shell injection vulnerability in VMware NSX Edge that allows authenticated attackers with SSH access to execute arbitrary comm...

Feb 16, 2022
CVE-2021-26616
7.8

CVE-2021-26616 is an OS command injection vulnerability in SecuwaySSL that allows attackers to execute arbitrary commands on affected systems by injec...

Feb 9, 2022
CVE-2021-41016
7.8

This vulnerability allows authenticated attackers to execute arbitrary shell commands with elevated privileges on Fortinet FortiExtender devices. Atta...

Feb 2, 2022
CVE-2021-45844
7.8

CVE-2021-45844 is an OS command injection vulnerability in FreeCAD's ODA File Converter that allows attackers to execute arbitrary commands on the sys...

Jan 25, 2022
CVE-2022-23935
7.8

CVE-2022-23935 is a command injection vulnerability in ExifTool's Perl module that allows attackers to execute arbitrary commands on affected systems....

Jan 25, 2022
CVE-2021-45979
7.8

This vulnerability allows remote attackers to execute arbitrary code on macOS systems running vulnerable versions of Foxit PDF Reader and PDF Editor. ...

Jan 4, 2022
CVE-2021-34719
7.8

This vulnerability allows authenticated local users with low privileges to execute arbitrary commands with elevated privileges on Cisco IOS XR devices...

Sep 9, 2021
CVE-2021-34728
7.8

This vulnerability allows authenticated local attackers with low-privileged accounts to elevate their privileges on Cisco IOS XR devices. Attackers ca...

Sep 9, 2021
CVE-2021-3708
7.8

CVE-2021-3708 is an OS command injection vulnerability in D-Link DSL-2750U routers with firmware vME1.16 or earlier. Unauthenticated attackers on the ...

Aug 16, 2021
CVE-2021-26106
7.8

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on FortiAP devices by exploiting improper input sanit...

Jul 9, 2021
CVE-2021-1421
7.8

CVE-2021-1421 is a command injection vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) that allows authenticated local attackers t...

May 6, 2021
CVE-2021-21503
7.8

CVE-2021-21503 is an improper input sanitization vulnerability in PowerScale OneFS that allows authenticated Compadmin users to execute arbitrary comm...

Mar 8, 2021
CVE-2020-36246
7.8

CVE-2020-36246 is a privilege escalation vulnerability in Amaze File Manager that allows attackers to gain root privileges by exploiting shell metacha...

Feb 19, 2021
CVE-2021-1370
7.8

This vulnerability allows authenticated local attackers on affected Cisco routers to escalate privileges to root by exploiting insufficient command li...

Feb 4, 2021
CVE-2020-3367
7.8

This vulnerability allows an authenticated local attacker on Cisco Secure Web Appliance (formerly Web Security Appliance) to execute arbitrary command...

Nov 18, 2020
CVE-2020-3459
7.8

This vulnerability in Cisco FXOS Software allows authenticated local attackers to execute arbitrary commands with root privileges by exploiting insuff...

Oct 21, 2020
CVE-2020-3403
7.8

This vulnerability allows authenticated local attackers with privileged EXEC permissions to inject commands that execute with root privileges upon dev...

Sep 24, 2020
CVE-2020-12620
7.8

CVE-2020-12620 is a command injection vulnerability in Pi-hole 4.4 that allows authenticated users with write access to /etc/pihole/dns-servers.conf t...

Jul 30, 2020
CVE-2026-27938
7.7

This CVE describes a command injection vulnerability in WPGraphQL's GitHub Actions workflow that allows arbitrary command execution when merging pull ...

Feb 26, 2026
CVE-2026-25157
7.7

OpenClaw versions before 2026.1.29 contain two command injection vulnerabilities. Attackers can execute arbitrary commands on remote SSH hosts via une...

Feb 4, 2026
CVE-2026-22035
7.7

CVE-2026-22035 is a command injection vulnerability in Greenshot screenshot utility that allows attackers to execute arbitrary operating system comman...

Jan 8, 2026
CVE-2025-30076
7.7

This vulnerability allows authenticated Koha administrators to execute arbitrary commands on the server via shell injection in the scheduler tool. Att...

Mar 16, 2025
CVE-2024-5585
7.7

This vulnerability allows remote command execution on Windows systems when using PHP's proc_open() function with array syntax. An attacker can inject ...

Jun 9, 2024
CVE-2024-32477
7.7

This vulnerability allows attackers to bypass Deno's permission prompts by injecting ANSI escape sequences into standard input during a race condition...

Apr 18, 2024
CVE-2022-24753
7.7

CVE-2022-24753 is an OS command injection vulnerability in Stripe CLI on Windows that allows arbitrary code execution when running specific commands i...

Mar 9, 2022
CVE-2021-31854
7.7

This CVE describes a local command injection vulnerability in McAfee Agent for Windows that allows authenticated local users to execute arbitrary code...

Jan 19, 2022
CVE-2021-21414
7.7

CVE-2021-21414 is an OS command injection vulnerability in Prisma's @prisma/sdk package that could allow remote code execution if the vulnerable getPa...

Apr 29, 2021
CVE-2026-27487
7.6

OpenClaw versions 2026.2.13 and below on macOS are vulnerable to OS command injection when refreshing OAuth tokens in the Keychain. This allows attack...

Feb 21, 2026
CVE-2024-2243
7.6

CVE-2024-2243 is an OS command injection vulnerability in csmock that allows authenticated users with Kerberos tickets to execute arbitrary commands o...

Apr 10, 2024
CVE-2023-34254
7.6

CVE-2023-34254 is a command injection vulnerability in GLPI Agent that allows authenticated remote administrators to execute arbitrary commands on Uni...

Jun 23, 2023
CVE-2021-22123
7.6

This CVE describes an OS command injection vulnerability in FortiWeb's management interface that allows remote authenticated attackers to execute arbi...

Jun 1, 2021
CVE-2026-27635
7.5

This vulnerability allows authenticated users to achieve remote code execution by uploading a ZIP file containing a file with shell metacharacters in ...

Feb 26, 2026
CVE-2026-26029
7.5

CVE-2026-26029 is a command injection vulnerability in sf-mcp-server that allows attackers to execute arbitrary shell commands by injecting malicious ...

Feb 11, 2026
CVE-2026-22265
7.5

CVE-2026-22265 is a command injection vulnerability in Roxy-WI web interface versions prior to 8.2.8.2 that allows authenticated users to execute arbi...

Jan 15, 2026
CVE-2025-69262
7.5

This CVE describes a command injection vulnerability in pnpm package manager versions 6.25.0 through 10.26.2. Attackers who can control environment va...

Jan 7, 2026
CVE-2025-64756
7.5

CVE-2025-64756 is a command injection vulnerability in the glob CLI tool that allows arbitrary command execution when processing files with malicious ...

Nov 17, 2025
CVE-2025-55284
7.5

CVE-2025-55284 allows attackers to bypass Claude Code's confirmation prompts to read local files and exfiltrate their contents over the network withou...

Aug 16, 2025
CVE-2025-54072
7.5

This vulnerability allows remote code execution on Windows systems when using yt-dlp with the --exec option and default placeholder. Attackers can cra...

Jul 22, 2025
CVE-2025-24366
7.5

This vulnerability allows authenticated SFTPGo users to exploit unsanitized rsync command arguments to read or write files with server process permiss...

Feb 7, 2025
CVE-2024-44759
7.5

This vulnerability allows attackers to download arbitrary files from NUS-M9 ERP Management Software v3.0.0 servers by exploiting an insecure file down...

Nov 15, 2024
CVE-2024-24426
7.5

This vulnerability allows attackers to cause denial of service in OpenAirInterface Magma and OAI EPC Federation by sending specially crafted NGAP pack...

Nov 15, 2024
CVE-2024-48963
7.5

Snyk CLI versions before 1.1294.0 are vulnerable to code injection when scanning untrusted PHP projects. Attackers can execute arbitrary code by trick...

Oct 23, 2024

About OS Command Injection (CWE-78)

Our database tracks 1,855 CVEs classified as CWE-78, with 741 rated critical and 944 rated high severity. The average CVSS score for OS Command Injection vulnerabilities is 8.6.

External reference: CWE-78 on MITRE CWE
