CWE-78: OS Command Injection

This critical vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands on affected ELECOM WRH-733GBK and W...

Multiple Sapido wireless router models contain an unauthenticated remote OS command injection vulnerability (CWE-78), allowing attackers to execute ar...

An unauthenticated remote OS command injection vulnerability in EnGenius EnShare Cloud Service allows attackers to execute arbitrary shell commands wi...

A critical OS command injection vulnerability in MiniDVBLinux allows remote unauthenticated attackers to execute arbitrary commands as root. This affe...

This critical vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges on affected H3C routers by bypassing a...

CVE-2025-50201 is an unauthenticated OS command injection vulnerability in WeGIA web management software that allows attackers to execute arbitrary co...

This critical vulnerability in u-link Management API allows unauthenticated attackers in man-in-the-middle positions to inject arbitrary commands that...

This CVE describes a critical command injection vulnerability in Wavlink WL-WN579A3 routers that allows attackers to execute arbitrary commands on aff...

This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands on I-O DATA HDL-T Series network attached st...

This CVE describes a command injection vulnerability in TOTOLINK A3002R routers that allows attackers to execute arbitrary commands on the device. The...

This CVE describes a pre-authentication remote command execution vulnerability in multiple TOTOLINK router models. Attackers can execute arbitrary com...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-832x routers by injecting malicious code into the macaddr param...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR 823x routers via command injection in the target_addr parameter...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on TOTOLINK A810R routers. Attackers can exploit the setNotic...

This CVE describes an OS command injection vulnerability in Wi-Fi AP UNIT 'AC-WPS-11ac series' devices. Remote attackers who can authenticate to the d...

CVE-2025-3363 is a critical OS command injection vulnerability in HGiga's iSherlock web service that allows unauthenticated remote attackers to execut...

CVE-2025-3361 is an unauthenticated OS command injection vulnerability in HGiga iSherlock web service that allows remote attackers to execute arbitrar...

CVE-2025-26817 is an OS command injection vulnerability in Netwrix Password Secure 9.2.0.32454 that allows authenticated attackers to execute arbitrar...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A3002R routers via command injection in the bandstr parameter of ...

This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK A3100R routers by exploiting improper input sanitization in the setWe...

Netgear DC112A V1.0.0.64 contains an OS command injection vulnerability in the usb_adv.cgi endpoint that allows remote attackers to execute arbitrary ...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands as root on Dell Unity storage syste...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on TOTOLINK A800R routers by exploiting improper input validation in...

The Edimax IC-7100 network camera has an OS command injection vulnerability (CWE-78) that allows remote code execution. Attackers can send specially c...

OpenPanel v0.3.4 contains an OS command injection vulnerability in the timezone parameter that allows attackers to execute arbitrary commands on the u...

This vulnerability allows remote attackers to execute arbitrary commands on devices connected to the cloud through improper neutralization of special ...

CVE-2025-20014 is a critical OS command injection vulnerability in mySCADA myPRO software that allows unauthenticated attackers to execute arbitrary c...

This CVE describes an OS command injection vulnerability in Y'S corporation STEALTHONE D220/D340 network storage servers. Attackers who can access the...

An unauthenticated OS command injection vulnerability in Palo Alto Networks Expedition allows attackers to execute arbitrary commands as the www-data ...

This CVE describes an authentication bypass vulnerability in NETGEAR DGN1000 routers that allows remote unauthenticated attackers to execute arbitrary...

CVE-2024-9140 is a critical OS command injection vulnerability in Moxa cellular routers, secure routers, and network security appliances that allows a...

This vulnerability in Tiki Wiki CMS allows attackers to execute arbitrary operating system commands on the server by injecting malicious input. It aff...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on affected systems through malicious HTTP requests, leading to remo...

This CVE describes a command injection vulnerability in QNAP License Center that allows remote attackers to execute arbitrary commands on affected sys...

This vulnerability allows remote authenticated attackers to execute arbitrary commands on IBM Security Verify Access Appliances. Attackers can achieve...

This critical vulnerability in ESM 11.6.10 allows unauthenticated attackers to access the internal Snowservice API and execute arbitrary commands as r...

This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands with root privileges on affected Advantech w...

This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands with root privileges on affected Advantech w...

This is a critical OS command injection vulnerability in Advantech wireless access points that allows remote unauthenticated attackers to execute arbi...

This critical vulnerability in Cohesive Networks VNS3 allows unauthenticated remote attackers to execute arbitrary commands as root on affected system...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X6000R routers by exploiting insufficient parameter filtering in ...

An unauthenticated OS command injection vulnerability in GoCast 1.1.3 allows attackers to execute arbitrary commands on affected systems by sending sp...

This CVE describes an OS command injection vulnerability in Synology's photo management applications. Remote attackers can execute arbitrary commands ...

A remote command execution vulnerability in Gogs (Git service) allows attackers to upload malicious files to the .git directory when deployed on Windo...

This CVE describes an OS command injection vulnerability in certain end-of-life GeoVision devices that allows unauthenticated remote attackers to exec...

This CVE describes a critical command injection vulnerability in PrivateGPT's SageMaker integration that allows remote code execution. Attackers can m...

CVE-2024-36061 is a critical OS command injection vulnerability in EnGenius EWS356-FIT wireless access points. Attackers can execute arbitrary command...

CVE-2020-8007 allows remote attackers to execute arbitrary operating system commands on Circontrol Raption EV charging stations through command inject...

This vulnerability allows remote attackers to execute arbitrary commands on Draytek Vigor3900 routers by injecting malicious commands into the mainfun...

CVE-2024-10119 is a critical OS command injection vulnerability in SECOM WRTM326 wireless routers that allows unauthenticated remote attackers to exec...