CWE-78: OS Command Injection

This vulnerability allows attackers with administrator cookies to inject malicious commands through improperly validated URLs in Cellopoint CelloOS. I...

CVE-2020-16205 is an OS command injection vulnerability in Geutebruck G-Cam and G-Code devices that allows remote authenticated attackers to execute a...

This CVE allows remote attackers to execute arbitrary operating system commands on affected GPON ONU devices by injecting shell metacharacters into th...

CVE-2020-4512 is an OS command injection vulnerability in IBM QRadar SIEM that allows authenticated privileged users to execute arbitrary commands on ...

This CVE describes an OS command injection vulnerability in PAN-OS management interfaces that allows authenticated administrators to execute arbitrary...

This vulnerability allows authenticated remote attackers with administrative privileges to execute arbitrary commands on Cisco TelePresence and RoomOS...

An OS command injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privi...

Monstra CMS 3.0.4 allows authenticated administrators to execute arbitrary operating system commands through the Theme Module's Edit Chunk feature. Th...

CVE-2025-11142 is an OS command injection vulnerability in Axis camera VAPIX API's mediaclip.cgi endpoint that allows authenticated attackers with ope...

CVE-2023-26039 is an OS command injection vulnerability in ZoneMinder's HostController.php that allows authenticated users to execute arbitrary shell ...

This vulnerability allows an unauthenticated attacker to execute arbitrary code as root on Linux systems running vulnerable FortiClient versions by tr...

CVE-2021-21315 is a command injection vulnerability in the systeminformation npm package that allows attackers to execute arbitrary commands on affect...

This CVE describes a local privilege escalation vulnerability in FortiSOAR where an attacker with existing low-privileged shell access can execute arb...

Xiaomi routers have a command injection vulnerability in their external interface due to insufficient input filtering. Attackers can exploit this by h...

This vulnerability in RDoc (Ruby's documentation generator) allows arbitrary code execution when processing filenames containing pipe (|) or backtick ...

This vulnerability allows authenticated attackers on the same network to execute arbitrary commands as root on Deciso OPNsense firewalls. The flaw exi...

The VSCode extension for Spring CLI contains a command injection vulnerability (CWE-78) that allows attackers to execute arbitrary commands on a user'...

CVE-2025-55055 is an OS command injection vulnerability that allows attackers to execute arbitrary commands on affected systems by injecting malicious...

pgAdmin 4 on Windows systems contains a command injection vulnerability that allows attackers to execute arbitrary system commands through specially c...

This CVE describes an OS command injection vulnerability in SAP Business Connector that allows authenticated administrators with adjacent network acce...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers. At...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers dur...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems by ex...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems witho...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR in-car entertainment systems...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems. Atta...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems witho...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers. At...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This CVE describes a command injection vulnerability in Kenwood DMX958XR firmware update process that allows physically present attackers to execute a...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems by ex...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers dur...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems by ex...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers. At...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems by ex...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems by ex...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems by ex...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia receivers by ...

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems by ex...

A command injection vulnerability in Poly Clariti Manager versions before 10.12.2 allows privileged users to execute arbitrary commands on the system....

This vulnerability in the ns_backup TYPO3 extension allows attackers to execute arbitrary commands on the server through command injection. It affects...

This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where an attacker can execute arbitrary commands via the 'week' pa...

This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers via the 'desc' parameter in the setWiFiScheduleCfg function. Attac...