CWE-78: OS Command Injection

CVE-2025-66208 is a critical OS command injection vulnerability in Collabora Online's built-in CODE server (richdocumentscode proxy). It allows remote...

MCP Watch versions 0.1.2 and earlier contain a critical command injection vulnerability in the MCPScanner class. Attackers can execute arbitrary comma...

This CVE describes a command injection vulnerability in Cursor that allows unauthorized attackers to bypass allowlist restrictions and execute arbitra...

This CVE describes an unauthenticated OS command injection vulnerability in DB Electronica Telecomunicazioni Mozart FM Transmitters. Attackers can exe...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on DB Electronica Telecomunicazioni Mozart FM Trans...

CVE-2025-64755 is a critical vulnerability in Claude Code versions before 2.0.31 that allows attackers to bypass read-only validation and write arbitr...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Ilevia EVE X1 Server devices via the ping.php component, ...

ThinPLUS software contains an OS command injection vulnerability that allows unauthenticated remote attackers to execute arbitrary operating system co...

CVE-2022-50596 is a critical command injection vulnerability in D-Link DIR-1260 routers that allows unauthenticated attackers to execute arbitrary com...

This CVE describes an OS command injection vulnerability in Dynatrace ActiveGate's ping extension. Attackers can execute arbitrary commands on affecte...

CVE-2025-11953 is a critical OS command injection vulnerability in the React Native Community CLI's Metro Development Server. Unauthenticated attacker...

Nagios XI versions before 2024R1.2 contain a critical remote code execution vulnerability in the NRDP server plugins. Attackers can send specially cra...

This vulnerability allows remote attackers to execute arbitrary code on win-cli-mcp-server installations without authentication. Attackers can inject ...

This CVE describes a critical command injection vulnerability in D-Link DNS-343 ShareCenter network storage devices. Unauthenticated remote attackers ...

Antabot White-Jotter contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands on affected s...

This is an unauthenticated remote command injection vulnerability in AMTT Hotel Broadband Operation System (HiBOS). Attackers can execute arbitrary sy...

This critical vulnerability (CVE-2025-6542) allows remote unauthenticated attackers to execute arbitrary operating system commands on affected Omada a...

CVE-2025-11900 is an unauthenticated remote OS command injection vulnerability in HGiga's iSherlock software. Attackers can execute arbitrary commands...

Ilevia EVE X1 Server firmware contains an unauthenticated OS command injection vulnerability in mbus_build_from_csv.php that allows remote attackers t...

CVE-2025-10659 allows unauthenticated attackers to execute arbitrary operating system commands on Telenium Online web servers through a vulnerable PHP...

The Post By Email WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This can lead to re...

CVE-2025-11148 is a critical command injection vulnerability in the check-branches npm package that allows attackers to execute arbitrary commands on ...

This CVE describes an OS command injection vulnerability in TOTOLINK X6000R routers that allows attackers to execute arbitrary commands on the device....

This vulnerability allows remote attackers to execute arbitrary code on Datart servers by exploiting improper input validation in the INIT connection ...

This vulnerability in HyperX NGENUITY software allows attackers to execute arbitrary code on affected systems by exploiting improper neutralization of...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on Ilevia EVE X1 Server systems. At...

This vulnerability allows remote attackers to bypass authentication on Ilevia EVE X1/X5 Server by injecting special characters into the authentication...

CVE-2025-59359 is an OS command injection vulnerability in Chaos Controller Manager's cleanTcs mutation that allows unauthenticated attackers within a...

CVE-2025-59361 is an OS command injection vulnerability in Chaos Mesh's cleanIptables mutation that allows unauthenticated attackers within a Kubernet...

This CVE-2025-55048 vulnerability involves multiple instances of CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allowing ...

CVE-2025-58371 is a critical vulnerability in Roo Code versions 3.26.6 and below that allows remote code execution on GitHub Actions runners. Attacker...

This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands with root privileges on SkyBridge BASIC MB-A...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TRENDnet TV-IP410 vA1.0R security cameras via the /server...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands as root on D-Link DIR-868L B1 route...

This CVE describes an unauthenticated remote command execution vulnerability in multiple D-Link DIR-series routers. Attackers can send specially craft...

CVE-2025-3128 is a critical OS command injection vulnerability in Mitsubishi Electric smartRTU devices that allows unauthenticated remote attackers to...

This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands with root privileges on KuWFi GC111 devices....

Cherry Studio desktop client versions 1.2.5 to 1.5.1 are vulnerable to OS command injection when connecting to malicious MCP servers in HTTP Streamabl...

This critical vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on FortiSIEM systems via crafted CLI reque...

This CVE describes a command injection vulnerability in TOTOLINK N600R routers that allows attackers to execute arbitrary commands on the device. The ...

This CVE describes an unauthenticated remote command execution vulnerability in legacy D-Link routers. Attackers can send specially crafted POST reque...

An unauthenticated OS command injection vulnerability in Russound MBX-PRE-D67F firmware allows attackers to execute arbitrary commands as root by send...

This CVE describes a command injection vulnerability in CodeIgniter's ImageMagick handler that allows remote code execution. Applications using ImageM...

A critical remote code execution vulnerability in Gardyn 4 allows attackers to execute arbitrary code on affected systems. This affects all Gardyn 4 i...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on WordPress sites running vulnerable versions of t...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on servers running Eveo URVE Web Manager 27.02.2025...

This vulnerability allows unauthenticated attackers to write arbitrary files to Sophos Firewall systems, potentially leading to remote code execution....

CVE-2025-7451 is an unauthenticated remote OS command injection vulnerability in iSherlock software developed by Hgiga. Attackers can execute arbitrar...

This CVE describes an OS command injection vulnerability in Nimesa Backup and Recovery software versions 2.3 and 2.4. Attackers can execute arbitrary ...

CVE-2025-26074 is a critical remote code execution vulnerability in Orkes Conductor that allows attackers to execute arbitrary operating system comman...