CWE-78: OS Command Injection

This vulnerability allows remote attackers to execute arbitrary code on Pascom Cloud Phone System servers by sending shell metacharacters to the /serv...

This CVE allows attackers to execute arbitrary operating system commands on vulnerable SonicWall Secure Remote Access (SRA) and Secure Mobile Access (...

This CVE describes a critical command injection vulnerability in Totolink routers that allows attackers to execute arbitrary system commands via the T...

This CVE describes a critical command injection vulnerability in Totolink routers that allows attackers to execute arbitrary commands via the hostName...

This CVE describes a critical command injection vulnerability in multiple Totolink router models. Attackers can execute arbitrary system commands by s...

This CVE describes a command injection vulnerability in multiple Totolink router models that allows attackers to execute arbitrary commands via the we...

This CVE describes a command injection vulnerability in multiple Totolink router models that allows attackers to execute arbitrary commands via the Fi...

This CVE describes a command injection vulnerability in multiple Totolink router models that allows attackers to execute arbitrary commands via the se...

This CVE describes a command injection vulnerability in multiple Totolink router models that allows attackers to execute arbitrary commands via the ho...

This CVE describes a command injection vulnerability in Arris routers that allows attackers to execute arbitrary commands by manipulating the TimeZone...

This CVE describes a command injection vulnerability in Arris routers that allows attackers to execute arbitrary system commands by manipulating PPPoE...

This vulnerability allows remote attackers to execute arbitrary operating system commands on affected NEC UNIVERGE wireless access points. Attackers c...

CVE-2022-24193 is a command injection vulnerability in CasaOS versions before 0.2.7 that allows attackers to execute arbitrary commands on the system....

CVE-2022-0848 is a critical OS command injection vulnerability in part-db software that allows remote attackers to execute arbitrary commands on the s...

This CVE describes an OS command injection vulnerability in the npm-lockfile package versions 2.0.3 and 2.0.4. Attackers can execute arbitrary command...

This CVE-2021-4039 is a command injection vulnerability in Zyxel NWA-1100-NH access point web interface that allows authenticated attackers to execute...

CVE-2020-12775 is a command injection vulnerability in the Hicos citizen certificate client-side component that allows unauthenticated remote attacker...

This CVE describes a command injection vulnerability in TP-LINK TL-WR840N routers that allows attackers to execute arbitrary commands on the device. T...

This vulnerability allows remote attackers to execute arbitrary code on TP-LINK TL-WR840N routers via a crafted IPv6 address payload in the oal_wan6_s...

This CVE describes a command injection vulnerability in TOTOLink A800R routers that allows attackers to execute arbitrary commands via the QUERY_STRIN...

This CVE describes a command injection vulnerability in TOTOLink A3600R routers that allows attackers to execute arbitrary commands via the QUERY_STRI...

This critical vulnerability in TOTOLink A830R routers allows remote attackers to execute arbitrary commands via the QUERY_STRING parameter in the Main...

This CVE describes a command injection vulnerability in TOTOLink A950RG routers that allows attackers to execute arbitrary system commands via the QUE...

This critical vulnerability in TOTOLink T6 routers allows remote attackers to execute arbitrary operating system commands via the QUERY_STRING paramet...

This CVE describes a remote command execution vulnerability in D-Link DIR-846 routers where attackers can inject shell commands through SSID parameter...

A critical Remote Command Execution vulnerability exists in multiple D-Link router models via the DDNS function in the ncc2 binary. Attackers can exec...

PublicCMS v4.0 contains a remote code execution vulnerability via the cmdarray parameter that allows attackers to execute arbitrary commands on the se...

This vulnerability allows authenticated non-root users to execute arbitrary commands with root privileges through the StarWind REST API. Attackers can...

This vulnerability allows remote unauthenticated attackers to execute arbitrary system commands on NorthStar Club Management servers by injecting mali...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda G1 and G3 routers by injecting malicious input into the hostName par...

This CVE describes an OS command injection vulnerability in Reolink RLC-410W cameras where the DDNS username parameter is not properly validated. Atta...

This CVE describes an OS command injection vulnerability in China Mobile An Lianbao WF-1 routers that allows attackers to execute arbitrary commands o...

CVE-2021-43857 is a critical remote code execution vulnerability in Gerapy, a distributed crawler management framework. Attackers can execute arbitrar...

This vulnerability allows remote attackers to execute arbitrary commands on IBM Spectrum Copy Data Management systems due to improper input validation...

CVE-2021-44685 is a critical OS command injection vulnerability in Git-it that allows attackers to execute arbitrary commands on the system. Users run...

CVE-2021-43033 is a critical remote code execution vulnerability in Kaseya Unitrends Backup Appliance's bpserverd daemon that allows attackers to exec...

This is a critical command injection vulnerability in QNAP VioStor devices that allows remote attackers to execute arbitrary commands on affected syst...

This vulnerability allows remote attackers to execute arbitrary operating system commands on PowerCMS servers through the XMLRPC API. It affects Power...

CVE-2021-41280 is a critical command injection vulnerability in Sharetribe Go marketplace software that allows attackers to execute arbitrary operatin...

This CVE describes a command injection vulnerability in the HNAP1 protocol of D-Link DIR-823G routers. Attackers can execute arbitrary commands via sh...

CVE-2020-36378 is a command injection vulnerability in aaptjs packageCmd function that allows attackers to execute arbitrary code by controlling fileP...

CVE-2020-36380 is a critical OS command injection vulnerability in aaptjs 1.3.1 that allows attackers to execute arbitrary code by manipulating filePa...

This vulnerability in aaptjs 1.3.1 allows attackers to execute arbitrary code via the filePath parameter in the list function. It affects systems usin...

CVE-2011-2195 is a critical remote code execution vulnerability in WebSVN 2.3.2 that allows unauthenticated attackers to execute arbitrary commands on...

CVE-2021-20837 is a critical remote command injection vulnerability in Movable Type's XMLRPC API that allows unauthenticated attackers to execute arbi...

CVE-2021-27561 is an unauthenticated command injection vulnerability in Yealink Device Management that allows remote attackers to execute arbitrary co...

CVE-2021-42071 is a critical remote command execution vulnerability in Visual Tools DVR VX16 software where an unauthenticated attacker can execute ar...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Zoho ManageEngine ADManager Plus servers. Attacker...

CVE-2021-36260 is a critical command injection vulnerability in Hikvision web servers that allows unauthenticated attackers to execute arbitrary comma...

This vulnerability allows unauthenticated remote attackers to execute arbitrary system commands on HGiga OAKlouds mobile portal servers by injecting m...