CWE-78: OS Command Injection

This CVE describes an OS command injection vulnerability in Fortinet FortiDDoS and FortiDDoS-F products. An authenticated attacker can execute arbitra...

This CVE describes an OS command injection vulnerability in QNAP Media Streaming add-on that allows authenticated administrators to execute arbitrary ...

This vulnerability allows authenticated administrators on Cisco UCS Manager to execute arbitrary operating system commands with root privileges due to...

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems running affected DD OS versions. A high-privileged a...

This CVE describes an OS command injection vulnerability in D-Link C1 routers where an attacker can execute arbitrary commands via the HTTP 'time' par...

This CVE describes an OS command injection vulnerability in Tenda AC9 routers where an attacker can execute arbitrary commands on the device by manipu...

This vulnerability allows authenticated administrators on Cisco UCS Manager to execute arbitrary commands with root privileges through command injecti...

AAPanel v7.0.7 contains an OS command injection vulnerability (CWE-78) that allows attackers to execute arbitrary commands on the server. This affects...

This vulnerability allows authenticated low-privileged remote attackers to perform OS command injection through Cisco IOS XE's web management interfac...

This CVE describes an OS command injection vulnerability in the Infinxt iEdge 100 router's Troubleshoot module. Attackers can execute arbitrary comman...

CVE-2025-26320 is an OS command injection vulnerability in t0mer BroadlinkManager v5.9.1 that allows attackers to execute arbitrary commands on the ho...

This vulnerability allows authenticated remote attackers with administrative privileges to execute arbitrary commands as root on Cisco ATA 190 Multipl...

Xiaomi AX9000 routers have a post-authentication command injection vulnerability that allows authenticated attackers to execute arbitrary commands wit...

This vulnerability allows authenticated local attackers to cause Cisco access points to reboot by submitting specially crafted CLI commands. It affect...

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems. A high-privileged attacker with local access can ex...

Ghostty terminal emulator versions before 1.3.0 allow control characters like Ctrl+C in pasted/dropped text, which can execute arbitrary commands in s...

This vulnerability allows authenticated users to execute arbitrary commands on IBM DataStage systems due to improper input validation in the wrapped c...

This vulnerability allows authenticated users to execute arbitrary commands on IBM DataStage systems due to improper input validation in the job subro...

This vulnerability in Liquid Prompt allows arbitrary command injection when users navigate to directories containing Git repositories with malicious b...

This vulnerability allows authenticated attackers with at least Observer role credentials to execute arbitrary commands as root in a restricted contai...

This CVE describes an OS command injection vulnerability in Powered BLUE 870 software versions 0.20130927 and earlier. Attackers can execute arbitrary...

This critical vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK T10 routers by exploiting a command inj...

This critical vulnerability in TOTOLINK AC1200 T8 routers allows remote attackers to execute arbitrary operating system commands via the setDiagnosisC...

This CVE describes a critical OS command injection vulnerability in Alien Technology ALR-F800 RFID readers. Attackers can execute arbitrary commands r...

This critical vulnerability allows remote attackers to execute arbitrary operating system commands on affected Raisecom gateway devices by manipulatin...

This CVE describes a critical OS command injection vulnerability in Raisecom gateway devices' web interface. Attackers can execute arbitrary commands ...

This critical vulnerability in TOTOLINK A3600R routers allows remote attackers to execute arbitrary operating system commands via command injection in...

This vulnerability in xdg-desktop-portal-hyprland allows OS command injection due to improper escaping when passing application IDs and titles via env...

This critical vulnerability allows remote attackers to execute arbitrary operating system commands on affected Raisecom gateway devices by manipulatin...

This critical vulnerability in Ruijie RG-UAC 1.0 allows remote attackers to execute arbitrary operating system commands through command injection in t...

This critical vulnerability in Ruijie RG-UAC 1.0 allows remote attackers to execute arbitrary operating system commands via command injection in the g...

This CVE describes a critical OS command injection vulnerability in D-Link DAR-7000-40 network devices. Attackers can remotely execute arbitrary comma...

This critical vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System allows remote attackers to execute arbitrary operating ...

This critical vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System allows remote attackers to execute arbitrary operating ...

This vulnerability allows remote attackers with administrative access to execute arbitrary commands with root privileges on Opto22 Groov Manage device...

This vulnerability in Tiki Wiki CMS allows attackers to inject malicious scripts into web pages through improper HTML tag neutralization. It affects a...

This vulnerability allows authenticated remote attackers with Network Administrator privileges to execute arbitrary operating system commands on Cisco...

This vulnerability in Cisco Catalyst 9300 switches allows authenticated local attackers with level-15 privileges or unauthenticated attackers with phy...

This vulnerability allows authenticated local attackers with Administrator credentials to execute arbitrary code as root on Cisco ASA and FTD devices ...

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems. A high-privileged attacker with local access could ...

This vulnerability in Cisco UCS Manager CLI allows authenticated administrators to read, create, or overwrite any file on the underlying operating sys...

This vulnerability allows authenticated local attackers with Administrator credentials to execute arbitrary commands as root on Cisco Secure Firewall ...

This vulnerability in Cisco ATA 190 Series Analog Telephone Adapters allows authenticated local attackers with high privileges to execute arbitrary co...

This vulnerability allows authenticated administrators on Cisco Identity Services Engine (ISE) to execute arbitrary commands on the underlying operati...

This vulnerability allows authenticated users with Administrator credentials to execute arbitrary commands as root on Cisco NX-OS devices through comm...

This vulnerability allows a compadmin user on Dell PowerScale OneFS systems to escalate privileges and execute arbitrary commands as root. It affects ...

A command injection vulnerability in aquasecurity/trivy-action GitHub Action versions 0.31.0-0.33.1 allows attackers to execute arbitrary commands on ...

A command injection vulnerability in TrustyAI Explainability toolkit allows authenticated users with CR deployment permissions to execute arbitrary co...

This CVE describes an OS command injection vulnerability in BUFFALO wireless LAN routers and repeaters. An authenticated attacker can execute arbitrar...

This vulnerability allows authenticated local attackers with read-only CLI access to overwrite arbitrary files on Cisco Catalyst SD-WAN Manager device...