CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,948 vulnerabilities with CWE-78
CVE-2026-32311
CRITICAL
Command Injection and Docker container escape allows root on host machine
CVSS 9.8
CVE-2026-26943
HIGH
Dell PowerProtect Data Domain Authenticated RCE via OS Command Injection
CVSS 7.2
CVE-2026-26942
MEDIUM
Dell PowerProtect Data Domain 8.5-8.6 - Authenticated OS Command Injection
CVSS 6.7
CVE-2026-24506
HIGH
Dell PowerProtect Data Domain 7.7.1.0-8.6, 8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.60 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2026-22761
MEDIUM
Dell PowerProtect Data Domain 8.5-8.6 - Authenticated OS Command Injection
CVSS 6.7
CVE-2026-23774
HIGH
Dell PowerProtect Data Domain 7.7.1.0-8.5, 8.3.1.0-8.3.1.10, 7.13.1.0-7.13.1.40 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2026-5967
HIGH
TeamT5|ThreatSonar Anti-Ransomware - Privilege Escalation
CVSS 8.8
CVE-2026-6644
CRITICAL
A command injection vulnerability was found in the PPTP VPN Clients on the ADM
CVSS 9.1
CVE-2026-35582
HIGH
Emissary <8.43.0 Executrix File Endings - OS Command Injection
CVSS 8.8
CVE-2026-40527
HIGH
radare2 Command Injection via DWARF Parameter Names
CVSS 7.8
CVE-2026-33145
MEDIUM
xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman
CVSS 6.3
CVE-2026-23500
CRITICAL
Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
CVSS 9.1
CVE-2026-6483
HIGH
Wavlink WL-WN530H4 internet.cgi snprintf os command injection
CVSS 7.2
CVE-2026-35074
MEDIUM
Dell PowerProtect Data Domain 7.7.1.0-8.7.0.0 - Authenticated OS Command Injection
CVSS 6.7
CVE-2026-35073
MEDIUM
Dell PowerProtect Data Domain 7.7.1.0-8.7.0.0 - Authenticated OS Command Injection
CVSS 6.7
CVE-2026-35072
MEDIUM
Dell PowerProtect Data Domain 7.7.1.0-8.7.0.0 - Authenticated OS Command Injection
CVSS 6.7
CVE-2026-21719
HIGH
CubeCart < 6.6.0 - Authenticated OS Command Injection
CVSS 7.2
CVE-2026-41113
HIGH
sagredo qmail >=2024.10.26 <2026.04.07 - Remote Code Execution via tls_quit popen in notlshosts_auto
CVSS 8.1
CVE-2026-6349
CRITICAL
HGiga|iSherlock - OS Command Injection
CVSS 9.8
CVE-2026-41015
HIGH
radare2 < 9236f44a28812fe911814e1b3a7bcf1e4de5d3c2 - OS Command Injection via PDB Name to rabin2 -PP
CVSS 7.4
CVE-2026-40261
HIGH
Composer has Command Injection via Malicious Perforce Reference
CVSS 8.8
CVE-2026-40176
HIGH
Composer is vulnerable to Command Injection via Malicious Perforce Repository
CVSS 7.8
CVE-2026-40499
HIGH
radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()
CVSS 7.8
CVE-2026-33414
HIGH
PowerShell Command Injection in Podman HyperV Machine
CVSS 7.8
CVE-2026-35196
HIGH
Chamilo LMS has OS Command Injection via export_all_certificates action
CVSS 8.8
Details
Vulnerabilities: 5,948
Exploit Likelihood: High