CWE-78: OS Command Injection

This vulnerability allows unauthenticated remote attackers to execute arbitrary system commands on SECOM WRTR-304GN-304TW-UPSC devices due to improper...

This CVE describes an OS command injection vulnerability in Elsight products that allows attackers to execute arbitrary commands on the underlying ope...

CVE-2024-9441 is a critical OS command injection vulnerability in Linear eMerge e3-Series access control systems. Remote unauthenticated attackers can...

CVE-2024-47608 is an OS command injection vulnerability (CWE-78) in Logicytics forensic data collection software that allows attackers to execute arbi...

This vulnerability allows remote attackers to execute arbitrary code on Tenda G3 routers by exploiting improper input sanitization in the USB partitio...

This is an unauthenticated command injection vulnerability in Zyxel NAS devices that allows remote attackers to execute arbitrary operating system com...

This is an unauthenticated OS command injection vulnerability in Zyxel networking devices that allows remote attackers to execute arbitrary commands o...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on D-Link DIR-846W routers via the tomography_ping_address pa...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-846W routers by sending a specially crafted POST request to the...

A command injection vulnerability in Asus RT-N15U routers allows remote attackers to execute arbitrary system commands through the netstat function pa...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda FH1206 routers via a crafted HTTP request to the /goform/telnet endp...

This CVE describes an OS command injection vulnerability in Veribilim Software's Veribase Order Management system. Attackers can execute arbitrary ope...

This CVE describes a shell injection vulnerability in GL-iNet router firmware that allows remote attackers to execute arbitrary commands with root pri...

This vulnerability allows remote attackers to execute arbitrary operating system commands through the Caterease software database layer due to imprope...

This vulnerability allows remote attackers to execute arbitrary operating system commands through SQL injection in Caterease software. Attackers can g...

This CVE describes a command injection vulnerability in Tenda FH1201 routers that allows attackers to execute arbitrary commands on the device. The vu...

CVE-2024-39685 is a critical command injection vulnerability in Bert-VITS2 that allows attackers to execute arbitrary commands on the system by manipu...

This vulnerability allows administrative users on FutureNet NXR, VXR, and WXR series devices from Century Systems to execute arbitrary operating syste...

This vulnerability allows attackers with web interface access to execute arbitrary TELNET commands and view admin passwords on Ruijie EG-2000 series g...

A command injection vulnerability in mudler/localai version 2.14.0 allows attackers to execute arbitrary system commands by manipulating the backend p...

CVE-2024-6048 is a critical OS command injection vulnerability in Openfind's MailGates and MailAudit email security products. Unauthenticated remote a...

This vulnerability allows unauthenticated remote attackers to execute arbitrary system commands on affected GeoVision devices due to improper input fi...

This vulnerability allows remote attackers to execute arbitrary commands on affected Toshiba multifunction printers through improper neutralization of...

CVE-2024-36360 is an unauthenticated remote command injection vulnerability in awkblog v0.0.1 and earlier that allows attackers to execute arbitrary o...

This vulnerability allows remote attackers to execute arbitrary system commands on Pandora FMS servers through improper input validation in the Netflo...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Pandora FMS servers by injecting malicious commands throu...

This is a critical PHP CGI argument injection vulnerability affecting Windows servers running Apache with PHP-CGI. It allows attackers to bypass prote...

This vulnerability in parisneo/lollms-webui version 9.3 allows attackers to bypass access restrictions and execute arbitrary code remotely. Attackers ...

AutoGPT versions v0.5.0 through v5.0.x contain an OS command injection vulnerability due to improper shell command validation. Attackers can bypass al...

This is a critical command injection vulnerability in Zyxel NAS devices that allows unauthenticated attackers to execute arbitrary operating system co...

This critical vulnerability in Aruba access points allows unauthenticated attackers to execute arbitrary commands with root privileges by sending mali...

CVE-2024-31471 is a critical command injection vulnerability in Aruba's Central Communications service that allows unauthenticated attackers to execut...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of tiagorlampert CHAOS. The issue stems fr...

This vulnerability allows attackers to execute arbitrary operating system commands on netis-systems MEX605 routers through the tracert page. Attackers...

This vulnerability allows remote attackers to execute arbitrary code on LG Simple Editor installations without authentication. Attackers can inject ma...

This critical vulnerability in Infotel Conseil GLPI allows remote attackers to execute arbitrary code on affected systems due to insufficient input va...

This critical vulnerability in MailCleaner allows remote attackers to execute arbitrary operating system commands through email handling components. A...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on systems running vulnerable versions of Eclipse Target Manageme...

This CVE describes a command injection vulnerability in mudler/localai's TranscriptEndpoint that allows attackers to execute arbitrary commands on the...

This CVE describes a critical OS command injection vulnerability in the lollms-webui application's '/open_code_folder' endpoint. Attackers can execute...

This vulnerability allows unauthenticated remote attackers to execute arbitrary system commands on Voltronic Power ViewPower Pro installations. Attack...

A remote code execution vulnerability in aliyundrive-webdav versions 2.3.3 and earlier allows attackers to execute arbitrary commands on affected syst...

CVE-2024-28048 is a critical OS command injection vulnerability in ffBull version 4.11 that allows remote unauthenticated attackers to execute arbitra...

CVE-2024-28125 is an OS command injection vulnerability in FitNesse that allows authenticated remote attackers to execute arbitrary commands on the un...

This CVE describes a Server-Side Template Injection (SSTI) vulnerability in Live Helper Chat that allows remote attackers to execute arbitrary code an...

This vulnerability allows remote attackers to execute arbitrary operating system commands on HGiga OAKlouds servers by injecting malicious commands in...

This CVE describes an OS command injection vulnerability in Akaunting v3.1.3 and earlier that allows attackers to execute arbitrary system commands on...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Yealink Meeting Servers through the file upload interface...

This CVE describes a command injection vulnerability in TOTOLINK A3300R routers that allows attackers to execute arbitrary commands on the device. The...

This CVE describes a command injection vulnerability in TOTOLINK A3300R routers that allows attackers to execute arbitrary commands on the device. The...