CWE-78 — OS Command Injection
5,594 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-78 (page 83 of 112)
- CVE-2024-58257 | MEDIUM | CVSS 5.7 | EG 5.7 | 2025-08-08
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
- CVE-2024-58274 | HIGH | CVSS 8.3 | EG 8.3 | 2025-10-22
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.
- CVE-2024-58278 | HIGH | CVSS 8.5 | EG 8.5 | 2025-12-04
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allo…
- CVE-2024-58286 | CRITICAL | CVSS 9.3 | EG 9.3 | 2025-12-11
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files…
- CVE-2024-58287 | HIGH | CVSS 8.8 | EG 8.8 | 2025-12-11
reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious b…
- CVE-2024-58294 | HIGH | CVSS 8.8 | EG 8.8 | 2025-12-11
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting ma…
- CVE-2024-58314 | HIGH | CVSS 8.8 | EG 8.8 | 2025-12-12
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands thr…
- CVE-2024-58338 | CRITICAL | CVSS 10.0 | EG 9.8 | 2025-12-30
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and g…
- CVE-2024-6032 | HIGH | CVSS 7.8 | EG 7.8 | 2025-04-30
Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute …
- CVE-2024-6047 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | 2024-06-17
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
- CVE-2024-6048 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-06-17
Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server.
- CVE-2024-6091 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-09-11
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami…
- CVE-2024-6184 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-20
A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename leads t…
- CVE-2024-6185 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-20
A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function get_ip_addr_details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads…
- CVE-2024-6186 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-20
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection…
- CVE-2024-6187 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-20
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The a…
- CVE-2024-6247 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-11-22
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not re…
- CVE-2024-6333 | HIGH | CVSS 7.2 | EG 7.2 | 2024-10-17
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.
- CVE-2024-6342 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-09-10
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attac…
- CVE-2024-6486 | HIGH | CVSS 7.2 | EG 7.2 | 2025-05-15
The ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, with administrator-level permission to execute …
- CVE-2024-6507 | HIGH | CVSS 8.1 | EG 8.1 | 2024-07-04
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API
- CVE-2024-6917 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-08-12
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.…
- CVE-2024-7066 | HIGH | CVSS 7.3 | EG 7.3 | 2024-07-24
A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipu…
- CVE-2024-7120 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-07-26
A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the arg…
- CVE-2024-7171 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-07-28
A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injec…
- CVE-2024-7175 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-07-29
A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads …
- CVE-2024-7203 | HIGH | CVSS 7.2 | EG 7.2 | 2024-09-03
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator pr…
- CVE-2024-7261 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-09-03
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(AC…
- CVE-2024-7357 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-01
**UNSUPPORTED WHEN ASSIGNED** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os…
- CVE-2024-7448 | HIGH | CVSS 8.0 | EG 8.0 | 2024-08-21
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required …
- CVE-2024-7467 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-05
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The…
- CVE-2024-7468 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-05
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpn_config_mod of the file /vpn/list_service_manage.php of the component Web Interface. The…
- CVE-2024-7469 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-05
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web In…
- CVE-2024-7470 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-05
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The…
- CVE-2024-7517 | HIGH | CVSS 7.8 | EG 7.8 | 2024-11-21
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privilege escalation via crafted use of the portcfg command. …
- CVE-2024-7579 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-07
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. T…
- CVE-2024-7580 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-07
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile wit…
- CVE-2024-7591 | CRITICAL | CVSS 10.0 | EG 10.0 | 2024-09-05
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster 7.2.40.0 and above; ECS, all versions; Multi-Tenancy 7.1.35.4 and above.
- CVE-2024-7699 | HIGH | CVSS 8.8 | EG 8.8 | 2024-09-10
A low-privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
- CVE-2024-7728 | HIGH | CVSS 7.2 | EG 7.2 | 2024-08-14
The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.
- CVE-2024-8075 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-22
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launch…
- CVE-2024-8077 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-22
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack re…
- CVE-2024-8127 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-24
A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1…
- CVE-2024-8128 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-24
A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …
- CVE-2024-8129 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-24
A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1…
- CVE-2024-8130 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-24
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-155…
- CVE-2024-8131 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-24
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 …
- CVE-2024-8132 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-24
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 …
- CVE-2024-8133 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-24
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 …
- CVE-2024-8134 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-24
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 …