CWE-78: OS Command Injection

An unauthenticated command injection vulnerability in Zyxel NWA1100-N firmware allows attackers to execute arbitrary OS commands and access system fil...

This vulnerability allows network-adjacent attackers to execute arbitrary commands as root on TP-Link Omada ER605 routers by injecting malicious comma...

This CVE describes a command injection vulnerability in D-Link DIR-845L routers that allows attackers to execute arbitrary commands on the device. The...

This CVE describes an OS command injection vulnerability in multiple QNAP operating system versions that allows authenticated users to execute arbitra...

CVE-2023-47415 is an OS command injection vulnerability in Cypress Solutions CTM-200 devices that allows attackers to execute arbitrary commands on th...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Panasonic AiSEG2 home energy management systems. Attacker...

CVE-2021-3725 is a command injection vulnerability in the dirhistory plugin for Oh My Zsh. It allows attackers to execute arbitrary commands by tricki...

This CVE-2021-3727 is a command injection vulnerability in Oh My Zsh's rand-quote and hitokoto plugins. When these plugins fetch quotes from external ...

TensorFlow's saved_model_cli tool is vulnerable to code injection via unsafe eval() calls on user-supplied strings, allowing attackers to execute arbi...

CVE-2020-26301 is a command injection vulnerability in the ssh2 npm package that allows remote code execution on Windows systems. Attackers can execut...

CVE-2021-32751 allows arbitrary code execution when attackers can manipulate environment variables for users running vulnerable Gradle start scripts o...

CVE-2021-23359 is a command injection vulnerability in the port-killer npm package that allows attackers to execute arbitrary commands on the system. ...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Pepperl+Fuchs Comtrol IO-Link Master devices. Atta...

CVE-2020-14293 is an OS command injection vulnerability in Secudos DOMOS 5.8 that allows remote attackers to execute arbitrary commands as root via sh...

CVE-2025-68922 is a remote code execution vulnerability in OpenOps that allows attackers to execute arbitrary commands via the Terraform block. This a...

This vulnerability in jupyterlab-git allows command injection when users open maliciously-named Git repositories via the 'Open Git Repository in Termi...

This CVE describes a command injection vulnerability in VONETS VAP11G-300 devices that allows attackers to execute arbitrary commands on the system. T...

This vulnerability allows attackers to bypass Nuclei's template signature verification by exploiting a discrepancy in how newline characters are handl...

This vulnerability in Nuclei allows attackers to execute arbitrary commands without requiring the -code option, bypassing intended security controls. ...

This vulnerability in Nuclei v3 allows execution of unsigned code templates through workflows, potentially enabling attackers to run malicious code on...

Softnext Mail SQR Expert has a command injection vulnerability (CWE-78) where authenticated localhost users can execute arbitrary system commands due ...

CVE-2022-25853 is a command injection vulnerability in the semver-tags npm package that allows attackers to execute arbitrary commands on the host sys...

CVE-2022-25906 is a command injection vulnerability in the is-http2 npm package that allows attackers to execute arbitrary commands on affected system...

This vulnerability allows authenticated low-privileged attackers with physical access to DCN S4600-10P-SI switches to escape the sandbox environment a...

CVE-2021-21289 is a command injection vulnerability in the Mechanize Ruby library that allows attackers to execute arbitrary operating system commands...

CVE-2020-15778 is a command injection vulnerability in the scp client of OpenSSH, allowing attackers to execute arbitrary commands on a remote server ...

CVE-2020-15121 is a shell injection vulnerability in radare2 reverse engineering framework where malformed PDB file names in the PDB server path allow...

NVIDIA Nsight Systems contains an OS command injection vulnerability in the gfx_hotspot recipe. Attackers can execute arbitrary commands by supplying ...

This vulnerability allows attackers to execute arbitrary operating system commands by injecting malicious strings into the installation path parameter...

CVE-2025-12121 is an OS command injection vulnerability in Lite XL text editor versions 2.1.8 and earlier. Attackers can execute arbitrary commands wi...

The D-Link DIR-868L A1 router has an unauthenticated remote code execution vulnerability in its HNAP service. Attackers can exploit this by sending sp...

This vulnerability allows unauthenticated attackers to execute arbitrary commands with limited privileges on IBM Security Verify Access systems. It af...

This CVE describes a command injection vulnerability in Unitree robotic products that allows attackers to execute arbitrary commands as root by inject...

CVE-2025-59534 is a command injection vulnerability in CryptoLib's initialize_kerberos_keytab_file_login() function that allows attackers to execute a...

This CVE describes an OS command injection vulnerability in Sato CL4/6NX Plus and CL4/6NX-J Plus label printers. Attackers with non-administrative acc...

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. Unauthenticated remote attackers can execute arbitrary command...

CVE-2024-49601 is an OS command injection vulnerability in Dell Unity storage systems that allows unauthenticated remote attackers to execute arbitrar...

This vulnerability allows unauthenticated attackers with network access to execute arbitrary system commands on affected devices via the web interface...

This cross-site scripting (XSS) vulnerability affects Advantech industrial wireless access points. Attackers can exploit it by creating a malicious Wi...

This CVE describes a command injection vulnerability in Tenda AX2 Pro routers that allows remote attackers to execute arbitrary commands with root pri...

This critical vulnerability in HuangDou UTCMS V9 allows remote attackers to execute arbitrary operating system commands through command injection in t...

CVE-2024-21532 is a command injection vulnerability in the ggit npm package that allows attackers to execute arbitrary commands on the host system. Th...

This critical vulnerability in F-logic DataCube3 1.0 allows remote attackers to execute arbitrary operating system commands via command injection in t...

This critical vulnerability allows remote attackers to execute arbitrary operating system commands on Faraday GM8181 and GM828x DVR devices by injecti...

This CVE describes an OS command injection vulnerability in WebProxy versions 1.7.8 and 1.7.9 that allows remote unauthenticated attackers to execute ...

This OS command injection vulnerability in openEuler's aops-ceres component allows attackers to execute arbitrary commands on affected systems. It aff...

This critical vulnerability in openBI allows remote attackers to execute arbitrary operating system commands through command injection in the dlfile f...

This critical vulnerability in Totolink N200RE routers allows remote attackers to execute arbitrary operating system commands via command injection in...

This critical vulnerability allows remote attackers to execute arbitrary operating system commands on Totolink N200RE routers by injecting malicious c...

This critical vulnerability in Totolink LR1200GB routers allows remote attackers to execute arbitrary operating system commands through command inject...