CWE-78: OS Command Injection

This is a critical OS command injection vulnerability in Stupid Simple CMS that allows remote attackers to execute arbitrary commands on the server. A...

This vulnerability in mailcow's Sync Job feature allows authenticated users with specific permissions to execute arbitrary shell commands via command ...

CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands ...

Dell VNX2 file storage systems running version 8.1.21.266 or earlier contain an unauthenticated remote code execution vulnerability. Attackers can exe...

This vulnerability allows remote code execution in Mahara e-portfolio systems through shell command injection. Attackers can execute arbitrary command...

CVE-2021-23399 is a command injection vulnerability in the wincred npm package that allows attackers to execute arbitrary commands on systems using vu...

CVE-2021-23381 is a command injection vulnerability in the 'killing' npm package that allows attackers to execute arbitrary commands on affected syste...

CVE-2021-23374 is a command injection vulnerability in the ps-visitor npm package that allows attackers to execute arbitrary commands on the host syst...

CVE-2020-28429 is a command injection vulnerability in the geojson2kml npm package that allows attackers to execute arbitrary system commands by passi...

CVE-2020-28426 is a command injection vulnerability in the kill-process-on-port npm package that allows attackers to execute arbitrary commands on the...

Multiple authenticated OS command injection vulnerabilities in Cohesity TranZman 4.0 allow authenticated admin users to execute arbitrary commands wit...

CVE-2025-63911 is an authenticated command injection vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614. This allows authe...

This CVE describes a post-authentication command injection vulnerability in Zyxel VMG3625-T50B devices. An authenticated attacker with administrator p...

This CVE describes a post-authentication command injection vulnerability in Zyxel firewall devices. An authenticated attacker with administrator privi...

An OS command injection vulnerability in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B wireless routers allows authenticated attackers to execute arbitrary ...

This CVE describes an authenticated command injection vulnerability in TP-Link Archer BE230 routers. Attackers with admin access can execute arbitrary...

This CVE describes a command injection vulnerability in the Archer BE230 router's VPN Connection Service that requires admin authentication. Successfu...

A command injection vulnerability in TP-Link Archer BE230 routers allows authenticated attackers to execute arbitrary OS commands via the configuratio...

This CVE describes a command injection vulnerability in TP-Link Archer BE230 routers that allows authenticated attackers to execute arbitrary commands...

This CVE describes a command injection vulnerability in TP-Link Archer BE230 routers that allows authenticated attackers to execute arbitrary commands...

This vulnerability allows attackers with valid credentials to execute arbitrary commands on affected Hikvision Wireless Access Points by sending speci...

This CVE describes an OS command injection vulnerability in Ruijie AP180 series access points running vulnerable firmware versions. Attackers can exec...

Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow attackers with valid credentials to execute arbitrary...

Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow authenticated attackers to execute arbitrary commands...

Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow attackers with valid credentials to execute arbitrary...

Vivotek IP7137 cameras with vulnerable firmware allow authenticated attackers to execute arbitrary system commands via command injection in the system...

This vulnerability allows authenticated users with high privileges to inject arbitrary operating system commands through backup configuration paramete...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on DreamFactory instances. Attackers can achie...

PhotoShow 3.0 contains a remote code execution vulnerability where authenticated administrators can inject malicious commands through the exiftran pat...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Ruijie Networks AP180 series wireless access point...

RiteCMS v3.1.0 contains an authenticated remote code execution vulnerability in the parse_special_tags() function that allows authenticated users to e...

This CVE describes an OS command injection vulnerability in Fortinet FortiExtender devices that allows authenticated attackers to execute arbitrary co...

This OS command injection vulnerability in Fortinet FortiSandbox allows authenticated attackers to execute arbitrary commands on the underlying system...

This OS command injection vulnerability in Fortinet FortiSandbox allows remote privileged attackers to execute arbitrary commands via crafted HTTP/HTT...

This CVE describes a command injection vulnerability in Array Networks ArrayOS AG VPN appliances. Attackers can execute arbitrary commands on affected...

This OS command injection vulnerability in Fortinet FortiWeb web application firewalls allows authenticated attackers to execute arbitrary commands on...

Nagios Log Server versions before 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' f...

This OS command injection vulnerability in NCP-HG100 network devices allows authenticated attackers to execute arbitrary commands with root privileges...

FreePBX Endpoint Manager's filestore module contains a post-authentication command injection vulnerability in the SSH test connection function. Authen...

This vulnerability allows authenticated system administrators in Advantech WebAccess/VPN to execute arbitrary commands on the server by uploading spec...

This CVE describes an OS command injection vulnerability in FutureNet MA and IP-K series devices from Century Systems. Authenticated users can execute...

This vulnerability allows authenticated administrators in Nagios Network Analyzer to execute arbitrary commands on the underlying host through imprope...

Nagios XI versions before 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Authenticated administrators ...

This OS command injection vulnerability in Dell Unity storage systems allows low-privileged local attackers to execute arbitrary commands with root pr...

This CVE describes a command injection vulnerability in diagnostics functionality that allows attackers to execute arbitrary commands on affected syst...

This OS command injection vulnerability in Centreon Infra Monitoring allows authenticated high-privilege users to inject arbitrary commands into polle...

This vulnerability allows authenticated administrators in Ivanti EPMM to execute arbitrary operating system commands through the admin panel, leading ...

This CVE describes an OS command injection vulnerability in Ivanti EPMM admin panel that allows authenticated administrators to execute arbitrary comm...

Two OS command injection vulnerabilities in Fortinet FortiVoice allow privileged attackers to execute arbitrary commands via crafted HTTP/HTTPS or CLI...

A privilege escalation vulnerability in Flowmon versions before 12.5.5 allows administrators with management interface access to execute unintended co...