CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,978 vulnerabilities with CWE-78
CVE-2023-36498
HIGH
TP-Link ER7206 Firmware 1.3.0 - Authenticated OS Command Injection via PPTP Client
CVSS 7.2
CVE-2023-46359
CRITICAL
Hardy Barth cPH2 eCharge Ladestation <1.87.0 - Command Injection
CVSS 9.8
CVE-2023-5677
MEDIUM
AXIS Camera Firmware < 5.51.7.7 - Authenticated Remote Code Execution via VAPIX API tcptest.cgi
CVSS 6.3
CVE-2023-47567
MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 4.7
CVE-2023-47566
MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 6.7
CVE-2023-47562
HIGH
QNAP Photo Station 6.4.0-6.4.1 - Authenticated OS Command Injection
CVSS 7.4
CVE-2023-45025
CRITICAL
QNAP QTS and QuTS hero - OS Command Injection
CVSS 9.0
CVE-2023-41283
MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-41282
MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-41281
MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-39302
MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-39297
HIGH
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-6078
HIGH
BIOVIA Materials Studio <2023 - Command Injection
CVSS 8.8
CVE-2023-5372
HIGH
Zyxel NAS326/NAS542 < 5.21(AAZF.16)C0/< 5.21(ABAG.13)C0 Authenticated OS Command Injection
CVSS 7.2
CVE-2023-49038
HIGH
Buffalo LS210D <1.78-0.03 - Command Injection
CVSS 7.2
CVE-2023-38323
CRITICAL
OpenNDS <10.1.3 - Command Injection
CVSS 9.8
CVE-2023-38319
CRITICAL
OpenNDS <10.1.3 - Command Injection
CVSS 9.8
CVE-2023-38318
CRITICAL
OpenNDS <10.1.3 - Command Injection
CVSS 9.8
CVE-2023-38317
CRITICAL
OpenNDS <10.1.3 - Command Injection
CVSS 9.8
CVE-2023-31037
HIGH
NVIDIA Bluefield 2-Bluefield 3 DPU BMC - Code Injection
CVSS 7.2
CVE-2023-6926
HIGH
Crestron AM-300 Firmware 1.4499.00018 - Authenticated OS Command Injection
CVSS 8.4
CVE-2023-49329
HIGH
Anomali Match <4.6.2 - Command Injection
CVSS 7.2
CVE-2023-51217
HIGH
TenghuTOS TWS-200 V4.0-201809201424 - Ping Page Command Injection
CVSS 8.8
CVE-2023-51698
CRITICAL
Atril < 1.26.3 - OS Command Injection via Crafted CBT Document
CVSS 9.6
CVE-2023-49254
HIGH
Network Test Tools - Command Injection
CVSS 8.8
Details
Vulnerabilities
5,978
Exploit Likelihood
High