CWE-78 · OS Command Injection

6046 CVEs classified under CWE-78 (OS Command Injection). Browse by severity and year.

Top CVEs for CWE-78
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-56415 | Critical | 10.0 | 2026-06-30 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attac… |
| CVE-2026-56413 | Critical | 10.0 | 2026-06-30 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts… |
| CVE-2026-49869 | Critical | 10.0 | 2026-06-26 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("… |
| CVE-2026-49261 | Critical | 10.0 | 2026-06-11 | MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through… |
| CVE-2026-10520 | Critical | 10.0 | 2026-06-09 | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-le… |
| CVE-2026-45087 | Critical | 10.0 | 2026-05-27 | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server)… |
| CVE-2026-34234 | Critical | 10.0 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerabl… |
| CVE-2026-41553 | Critical | 10.0 | 2026-05-15 | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthe… |
| CVE-2026-30302 | Critical | 10.0 | 2026-03-27 | The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The… |
| CVE-2026-33478 | Critical | 10.0 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to all… |
| CVE-2026-28409 | Critical | 10.0 | 2026-02-27 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA applicatio… |
| CVE-2021-35402 | Critical | 10.0 | 2026-02-20 | PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for sate… |
| CVE-2024-58338 | Critical | 10.0 | 2025-12-30 | Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute comm… |
| CVE-2025-63414 | Critical | 10.0 | 2025-12-16 | A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By… |
| CVE-2025-64128 | Critical | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, wh… |
| CVE-2025-64127 | Critical | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incor… |
| CVE-2025-64126 | Critical | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying… |
| CVE-2025-10230 | Critical | 10.0 | 2025-11-07 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or esca… |
| CVE-2025-9588 | Critical | 10.0 | 2025-09-23 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allo… |
| CVE-2025-5243 | Critical | 10.0 | 2025-07-24 | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SM… |