CWE-78: OS Command Injection

CVE-2023-35861 is a shell injection vulnerability in Supermicro motherboard BMC email notifications that allows remote attackers to execute arbitrary ...

CVE-2023-37903 is a critical sandbox escape vulnerability in vm2, a Node.js sandboxing library. Attackers with code execution inside the vm2 sandbox c...

This CVE describes an OS command injection vulnerability in HGiga iSherlock user modules. Attackers can execute arbitrary operating system commands on...

A critical command injection vulnerability in Kratos NGC-IDU 9.1.0.4 allows remote attackers to execute arbitrary Linux commands as root via crafted T...

This vulnerability allows remote attackers to execute arbitrary code on RIGOL MSO5000 digital oscilloscopes by injecting shell metacharacters into pas...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on TOTOLINK A3300R routers by manipulating the lang parameter in the...

This CVE describes a command injection vulnerability in TOTOLINK A3300R routers that allows attackers to execute arbitrary commands on the device. Att...

CVE-2022-44720 is an OS command injection vulnerability in Weblib Ucopia web filtering appliances that allows attackers to execute arbitrary commands ...

CVE-2023-26134 is a command injection vulnerability in the git-commit-info npm package where the gitCommitInfo() method fails to sanitize user-control...

CVE-2023-30261 is a critical command injection vulnerability in OpenWB charging station management software that allows remote attackers to execute ar...

CVE-2023-30258 is a critical command injection vulnerability in MagnusBilling that allows unauthenticated remote attackers to execute arbitrary comman...

This is a critical pre-authentication command injection vulnerability in Zyxel NAS devices that allows unauthenticated remote attackers to execute arb...

This CVE describes a system command injection vulnerability in Huawei BiSheng-WNM printer firmware that allows attackers to execute arbitrary commands...

This CVE describes a command injection vulnerability in D-Link Go-RT-AC750 routers where an attacker can execute arbitrary commands via the service pa...

This critical vulnerability in WAGO products allows unauthenticated remote attackers to create new user accounts and modify device configurations. Thi...

Metersphere v1.20.20-lts-79d354a6 contains a remote command execution vulnerability in the custom code snippet function of the system workbench. Attac...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A7100RU routers. Attackers can inject malicious commands through ...

This CVE describes a command injection vulnerability in TOTOLINK X5000R routers that allows remote attackers to execute arbitrary commands via the 'co...

CVE-2023-25826 is an unauthenticated remote command injection vulnerability in OpenTSDB's legacy HTTP query API. Attackers can execute arbitrary opera...

CVE-2023-29778 allows remote attackers to execute arbitrary operating system commands on GL.iNET MT3000 routers via command injection in the logread R...

This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on affected Zyxel firewall devices by sendin...

CVE-2023-30621 is a critical command injection vulnerability in the Gipsy Discord bot that allows unauthenticated users to execute arbitrary commands ...

CVE-2023-29805 is a command injection vulnerability in WFS-SR03 v1.0.3 that allows attackers to execute arbitrary commands on affected systems via the...

This critical command injection vulnerability in Tenda G103 routers allows attackers to execute arbitrary system commands by manipulating the language...

This CVE describes an OS command injection vulnerability in Quectel AG550QCN devices through the ql_atfwd component. Attackers can execute arbitrary c...

CVE-2023-27394 is an unauthenticated OS command injection vulnerability in Osprey Pump Controller version 1.01 that allows attackers to execute arbitr...

This vulnerability in the pullit Node.js package allows attackers to execute arbitrary operating system commands by injecting malicious code into Git ...

This is a critical command injection vulnerability in TOTOLink CP900 outdoor CPE devices that allows unauthenticated attackers to execute arbitrary sy...

This CVE describes a command injection vulnerability in TOTOLink CP900 outdoor CPE devices that allows attackers to execute arbitrary commands via the...

This vulnerability allows attackers to execute arbitrary operating system commands with root privileges on D-Link DIR-820L routers by injecting malici...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Altenergy Power Control Software systems by injecting she...

This CVE describes an OS command injection vulnerability in D-Link DIR-820LA1 routers that allows attackers to execute arbitrary commands with root pr...

This CVE describes an OS command injection vulnerability in D-Link DIR-867 routers that allows attackers to execute arbitrary commands via a crafted L...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOlink A7100RU routers via command injection in the 'ou' parameter. Atta...

This CVE describes an OS command injection vulnerability in Gogs (a self-hosted Git service) that allows attackers to execute arbitrary commands on th...

CVE-2022-48337 is a command injection vulnerability in GNU Emacs' etags utility that allows attackers to execute arbitrary commands via shell metachar...

This vulnerability allows remote unauthenticated attackers to execute arbitrary commands as root on APSystems ECU-R version 5203 devices by injecting ...

A command injection vulnerability in Jitsi on Windows allows attackers to execute arbitrary commands by injecting malicious URLs when launching browse...

CVE-2023-23076 is a critical OS command injection vulnerability in ManageEngine Support Center Plus that allows attackers to execute arbitrary command...

This critical vulnerability in Brocade Fabric OS allows remote unauthenticated attackers to execute arbitrary commands on affected switches. Attackers...

CVE-2022-23100 is a critical OS command injection vulnerability in OX App Suite's Documentconverter component that allows attackers to execute arbitra...

CVE-2022-24405 is a critical OS command injection vulnerability in OX App Suite's Documentconverter API that allows attackers to execute arbitrary com...

This vulnerability allows remote attackers on the local network to execute arbitrary commands as root on Verizon 5G Home LVSKIHP InDoorUnit devices. T...

This vulnerability allows remote attackers on the local network to execute arbitrary commands as root on Verizon 5G Home LVSKIHP outdoor units. The is...

CVE-2022-28888 is a critical remote command execution vulnerability in Spryker Commerce OS that allows attackers to execute arbitrary commands on affe...

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers by exploiting improper input validation in the lanIp parame...

CVE-2014-0156 is an OS command injection vulnerability in the Awesome Spawn Ruby gem that allows attackers to execute arbitrary commands by passing ma...

This CVE describes command injection vulnerabilities in Robustel R1510 routers that allow remote attackers to execute arbitrary commands via specially...

CVE-2022-33314 is a critical command injection vulnerability in Robustel R1510 routers that allows remote attackers to execute arbitrary commands on a...

CVE-2022-33326 allows remote attackers to execute arbitrary commands on Robustel R1510 routers through command injection in the /ajax/config_rollback/...