CWE-78
OS Command Injection
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 50 of 161
- CVE-2026-42853 · Medium · 6.5 · EPSS 0% · 2 h ago
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the passw
npm
- CVE-2026-46716 · Critical · 9.9 · EPSS 0% · 8 h ago
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers=[] and an arbitr
- CVE-2026-48165 · High · 8.0 · EPSS 0% · 12 h ago
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used ws
- CVE-2026-48163 · High · 8.0 · EPSS 0% · 12 h ago
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating
- CVE-2026-44170 · — · EPSS 0% · 12 h ago
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with installed CONNECT engin
- CVE-2026-44168 · High · 8.0 · EPSS 0% · 12 h ago
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating
- CVE-2026-46746 · High · 8.8 · EPSS 0% · 13 h ago
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted d
- CVE-2026-10544 · Medium · 6.5 · EPSS 0% · 13 h ago
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the
- CVE-2025-64328 · High · 7.2 · KEV · EXPLOIT · EPSS 78% · 14 h ago
Sangoma FreePBX OS Command Injection Vulnerability
- CVE-2023-39780 · High · 8.8 · KEV · EPSS 47% · 14 h ago
ASUS RT-AX55 Routers OS Command Injection Vulnerability
- CVE-2024-8190 · High · 7.2 · KEV · EPSS 92% · 14 h ago
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
- CVE-2019-20500 · High · 7.8 · KEV · EXPLOIT · EPSS 90% · 14 h ago
D-Link DWL-2600AP Access Point Command Injection Vulnerability
- CVE-2023-27992 · Critical · 9.8 · KEV · EPSS 87% · 14 h ago
Zyxel Multiple NAS Devices Command Injection Vulnerability
- CVE-2024-50603 · Critical · 10.0 · KEV · EPSS 94% · 14 h ago
Aviatrix Controllers OS Command Injection Vulnerability
- CVE-2019-11001 · High · 7.2 · KEV · EPSS 29% · 14 h ago
Reolink Multiple IP Cameras OS Command Injection Vulnerability
- CVE-2020-12641 · Critical · 9.8 · KEV · EPSS 93% · 14 h ago
Roundcube Webmail Remote Code Execution Vulnerability
- CVE-2023-28771 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
Zyxel Multiple Firewalls OS Command Injection Vulnerability
- CVE-2023-47565 · High · 8.0 · KEV · EPSS 87% · 14 h ago
QNAP VioStor NVR OS Command Injection Vulnerability
- CVE-2022-33891 · High · 8.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
Apache Spark Command Injection Vulnerability
pypi · maven
- CVE-2017-3506 · High · 7.4 · KEV · EPSS 94% · 14 h ago
Oracle WebLogic Server OS Command Injection Vulnerability
- CVE-2022-36804 · High · 8.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
- CVE-2020-1956 · High · 8.8 · KEV · EPSS 94% · 14 h ago
Apache Kylin OS Command Injection Vulnerability
- CVE-2020-15415 · Critical · 9.8 · KEV · EPSS 93% · 14 h ago
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
- CVE-2017-6884 · High · 8.8 · KEV · EXPLOIT · EPSS 90% · 14 h ago
Zyxel EMG2926 Routers Command Injection Vulnerability
- CVE-2021-40407 · High · 7.2 · KEV · EPSS 25% · 14 h ago
Reolink RLC-410W IP Camera OS Command Injection Vulnerability
- CVE-2021-45382 · Critical · 9.8 · KEV · EPSS 94% · 14 h ago
D-Link Multiple Routers Remote Code Execution Vulnerability
- CVE-2020-4428 · Critical · 9.1 · KEV · EXPLOIT · EPSS 92% · 14 h ago
IBM Data Risk Manager Remote Code Execution Vulnerability
- CVE-2026-25108 · High · 8.8 · KEV · EPSS 8% · 14 h ago
Soliton Systems K.K FileZen OS Command Injection Vulnerability
- CVE-2020-10987 · Critical · 9.8 · KEV · EPSS 94% · 14 h ago
Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability
- CVE-2020-25506 · Critical · 9.8 · KEV · EPSS 94% · 14 h ago
D-Link DNS-320 Device Command Injection Vulnerability
- CVE-2017-18368 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
Zyxel P660HN-T1A Routers Command Injection Vulnerability
- CVE-2020-7247 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
OpenSMTPD Remote Code Execution Vulnerability
- CVE-2025-11953 · Critical · 9.8 · KEV · EPSS 33% · 14 h ago
React Native Community CLI OS Command Injection Vulnerability
npm
- CVE-2018-10562 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
Dasan GPON Routers Command Injection Vulnerability
- CVE-2025-58034 · High · 7.2 · KEV · EXPLOIT · EPSS 46% · 14 h ago
Fortinet FortiWeb OS Command Injection Vulnerability
- CVE-2019-15949 · High · 8.8 · KEV · EXPLOIT · EPSS 87% · 14 h ago
Nagios XI Remote Code Execution Vulnerability
- CVE-2019-19356 · High · 7.5 · KEV · EPSS 91% · 14 h ago
Netis WF2419 Devices Remote Code Execution Vulnerability
- CVE-2020-16846 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
SaltStack Salt Shell Injection Vulnerability
pypi
- CVE-2025-1316 · Critical · 9.8 · KEV · EPSS 87% · 14 h ago
Edimax IC-7100 IP Camera OS Command Injection Vulnerability
- CVE-2024-11120 · Critical · 9.8 · KEV · EPSS 66% · 14 h ago
GeoVision Devices OS Command Injection Vulnerability
- CVE-2024-6047 · Critical · 9.8 · KEV · EPSS 73% · 14 h ago
GeoVision Devices OS Command Injection Vulnerability
- CVE-2024-40891 · High · 8.8 · KEV · EPSS 53% · 14 h ago
Zyxel DSL CPE OS Command Injection Vulnerability
- CVE-2020-8515 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
- CVE-2020-4006 · Critical · 9.1 · KEV · EPSS 14% · 14 h ago
Multiple VMware Products Command Injection Vulnerability
- CVE-2022-44877 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
CWP Control Web Panel OS Command Injection Vulnerability
- CVE-2022-29303 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
SolarView Compact Command Injection Vulnerability
- CVE-2019-17621 · Critical · 9.8 · KEV · EXPLOIT · EPSS 93% · 14 h ago
D-Link DIR-859 Router Command Execution Vulnerability
- CVE-2021-1497 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 14 h ago
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
- CVE-2023-20273 · High · 7.2 · KEV · EXPLOIT · EPSS 93% · 14 h ago
Cisco IOS XE Web UI Command Injection Vulnerability
- CVE-2022-28810 · Medium · 6.8 · KEV · EXPLOIT · EPSS 90% · 14 h ago
Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.