CWE-78: OS Command Injection

CVE-2024-58286 is a remote code execution vulnerability in dizqueTV 1.5.3 that allows attackers to inject arbitrary shell commands through the FFMPEG ...

Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code on the ser...

Perl2exe versions up to V30.10C contain an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scrip...

This CVE describes an unauthenticated OS command injection vulnerability in TOTOLINK N300RT wireless router firmware, allowing remote attackers to exe...

CVE-2025-8890 is a shell command injection vulnerability in the network diagnostics tool of SDMC NE6037 routers. Attackers with administrative access ...

A command injection vulnerability in bwdpi allows authenticated remote attackers to execute arbitrary commands on affected ASUS routers. This could le...

A Looker user with Developer role can execute arbitrary commands on the server due to insecure processing of Teradata driver parameters. This affects ...

CVE-2021-4470 is a critical pre-authentication remote code execution vulnerability in TG8 Firewall's runphpcmd.php endpoint. Unauthenticated attackers...

CVE-2021-4466 is an authenticated remote code execution vulnerability in IPCop firewall software. Authenticated attackers can inject shell commands th...

This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on affected NEC cluster management software ...

The Zabbix Agent 2 smartctl plugin fails to properly sanitize smart.disk.get parameters, allowing attackers to inject malicious arguments into smartct...