CWE-78: OS Command Injection

A command injection vulnerability in aquasecurity/trivy-action GitHub Action versions 0.31.0-0.33.1 allows attackers to execute arbitrary commands on ...

A command injection vulnerability in TrustyAI Explainability toolkit allows authenticated users with CR deployment permissions to execute arbitrary co...

This CVE describes an OS command injection vulnerability in BUFFALO wireless LAN routers and repeaters. An authenticated attacker can execute arbitrar...

This vulnerability allows authenticated local attackers with read-only CLI access to overwrite arbitrary files on Cisco Catalyst SD-WAN Manager device...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Nexxt Solutions NCM-X1800 Mesh Routers by exploiti...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on servers running GNU Mailman 2.1.39 in certain ex...

An authenticated OS command injection vulnerability in PLDT WiFi Router's Prolink PGN6401V allows attackers to execute arbitrary system commands with ...

Unauthenticated attackers can cause Denial of Service (DoS) by exploiting vulnerabilities in the CLI service accessed via the PAPI protocol in Aruba/H...

Unauthenticated attackers can cause Denial of Service (DoS) in Aruba Central Communications service via PAPI protocol, disrupting normal operations. T...

This vulnerability allows authenticated local administrators on affected Cisco Nexus switches to execute arbitrary commands with root privileges by in...

This vulnerability in Jenkins Git client Plugin allows attackers who can control workspace directory names to inject arbitrary operating system comman...

This critical vulnerability in TOTOLINK A720R routers allows remote attackers to execute arbitrary operating system commands through the exportOvpn fu...

This vulnerability allows remote attackers to execute arbitrary operating system commands with root privileges on affected NRadio N8-180 devices. Atta...

CVE-2025-36143 is an OS command injection vulnerability in IBM Lakehouse (watsonx.data 2.2) that allows authenticated privileged users to execute arbi...

This vulnerability in HPE Aruba ClearPass Policy Manager allows authenticated remote attackers to execute arbitrary commands on the underlying host wi...

This CVE describes an OS command injection vulnerability in QNAP operating systems that allows authenticated administrators to execute arbitrary comma...

This CVE describes a critical OS command injection vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System. Attackers can exe...

This CVE describes a critical OS command injection vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System. Attackers can rem...

This CVE describes a critical OS command injection vulnerability in Huashi Private Cloud CDN Live Streaming Acceleration Server. Attackers can remotel...

This CVE describes a critical OS command injection vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System. Attackers can rem...

This critical vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System allows remote attackers to execute arbitrary operating ...

This critical vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System allows remote attackers to execute arbitrary operating ...

This CVE describes a critical OS command injection vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System. Attackers can exe...

This critical vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System allows remote attackers to execute arbitrary operating ...

This CVE describes a critical OS command injection vulnerability in Ruijie RG-UAC Unified Internet Behavior Management Audit System. Attackers can exe...

This CVE describes an OS command injection vulnerability in Apache Airflow's example_dag_decorator where unvalidated parameters could allow UI users t...

This vulnerability allows authenticated attackers with high privileges to execute arbitrary system commands when initializing the rSeries FIPS module ...

A command injection vulnerability in HCL AION 2.0 allows attackers to execute arbitrary commands on the underlying system by injecting malicious input...

This vulnerability allows authenticated local attackers on Cisco NX-OS devices to execute command injection attacks on the underlying operating system...

This vulnerability in the gix-transport Rust crate allows remote command execution via specially crafted SSH URLs containing ProxyCommand injection. I...

This CVE describes a command injection vulnerability in Meshtastic's GitHub Actions workflow that allows attackers to execute arbitrary code in the CI...

This CVE describes an OS command injection vulnerability in TOTOLINK X6000R routers that allows attackers to execute arbitrary commands on the device....

This CVE describes a command injection vulnerability in nvm (Node Version Manager) where the NVM_AUTH_HEADER environment variable is not properly sani...

A command injection vulnerability in gradle-completion up to version 9.3.0 allows arbitrary code execution when users trigger Bash tab completion in p...

CVE-2025-6225 is a shell command injection vulnerability in Kieback&Peter Neutrino-GLT building management system's SM70 PHWEB web component. Attacker...

This CVE describes an OS command injection vulnerability (CWE-78) in Johnson Controls building automation systems. Successful exploitation could allow...

This CVE describes an OS command injection vulnerability (CWE-78) in Johnson Controls building automation systems. Attackers could execute arbitrary c...

This vulnerability allows remote attackers to execute arbitrary system commands on affected WODESYS routers via the langGet parameter in the adm.cgi e...

This CVE describes an OS command injection vulnerability (CWE-78) in Johnson Controls Metasys products that allows attackers to execute arbitrary comm...

CVE-2023-53872 is an OS command injection vulnerability in Wp2Fac 1.0 that allows remote attackers to execute arbitrary system commands on the server....

CVE-2024-58286 is a remote code execution vulnerability in dizqueTV 1.5.3 that allows attackers to inject arbitrary shell commands through the FFMPEG ...

Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code on the ser...

Perl2exe versions up to V30.10C contain an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scrip...

This CVE describes an unauthenticated OS command injection vulnerability in TOTOLINK N300RT wireless router firmware, allowing remote attackers to exe...

CVE-2025-8890 is a shell command injection vulnerability in the network diagnostics tool of SDMC NE6037 routers. Attackers with administrative access ...

A command injection vulnerability in bwdpi allows authenticated remote attackers to execute arbitrary commands on affected ASUS routers. This could le...

A Looker user with Developer role can execute arbitrary commands on the server due to insecure processing of Teradata driver parameters. This affects ...

CVE-2021-4470 is a critical pre-authentication remote code execution vulnerability in TG8 Firewall's runphpcmd.php endpoint. Unauthenticated attackers...

CVE-2021-4466 is an authenticated remote code execution vulnerability in IPCop firewall software. Authenticated attackers can inject shell commands th...

This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on affected NEC cluster management software ...