CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2021-3317
HIGH
klog_server < 2.4.1 - Authenticated OS Command Injection via async.php Source Parameter
CVSS 8.8
CVE-2021-3291
HIGH
Zen Cart 1.5.7b - Command Injection
CVSS 7.2
CVE-2021-3190
CRITICAL
async-git < 1.13.2 - OS Command Injection via Shell Metacharacters
CVSS 9.8
CVE-2021-1142
CRITICAL
Cisco Smart Software Manager Satellite - RCE
CVSS 9.8
CVE-2021-1141
CRITICAL
Cisco Smart Software Manager Satellite - RCE
CVSS 9.8
CVE-2021-1140
CRITICAL
Cisco Smart Software Manager Satellite - RCE
CVSS 9.8
CVE-2021-1139
CRITICAL
Cisco Smart Software Manager Satellite - RCE
CVSS 9.8
CVE-2021-1138
CRITICAL
Cisco Smart Software Manager Satellite - RCE
CVSS 9.8
CVE-2021-1264
CRITICAL
Cisco Catalyst Center < 1.3.1.0 - Authenticated OS Command Injection via Command Runner Tool
CVSS 9.6
CVE-2021-23326
MEDIUM
@graphql-tools/git-loader <6.2.6 - Command Injection
CVSS 6.3
CVE-2021-0219
MEDIUM
Juniper Networks Junos OS - Command Injection
CVSS 6.7
CVE-2021-0218
HIGH
Juniper Networks Junos OS <17.3 - Command Injection
CVSS 7.8
CVE-2021-1150
HIGH
Cisco Small Business RV110W-215W - Command Injection
CVSS 7.2
CVE-2021-1149
HIGH
Cisco Small Business RV110W-215W - Command Injection
CVSS 7.2
CVE-2021-1148
HIGH
Cisco Small Business RV110W-215W - Command Injection
CVSS 7.2
CVE-2021-1147
HIGH
Cisco Small Business RV110W-215W - Command Injection
CVSS 7.2
CVE-2021-1146
HIGH
Cisco Small Business RV110W-215W - Command Injection
CVSS 7.2
CVE-2021-3029
CRITICAL
EVOLUCARE ECSIMAGING <6.21.5 - Command Injection
CVSS 9.8
CVE-2020-37125
CRITICAL
Edimax EW-7438RPn-v3 Mini 1.27 - RCE
CVSS 9.8
CVE-2020-37123
CRITICAL
Pinger 1.0 - Remote Code Execution via Ping and Socket Parameter Injection
CVSS 9.8
CVE-2020-37032
HIGH
Wing FTP Server 6.3.8 - Authenticated Remote Code Execution via Lua Web Console os.execute()
CVSS 8.8
CVE-2020-37027
CRITICAL
Sickbeard alpha - Command Injection
CVSS 9.8
CVE-2020-37012
CRITICAL
Tea LaTeX 1.0 - Unauthenticated Remote Code Execution via /api.php tex2png Action
CVSS 9.8
CVE-2020-37002
CRITICAL
Ajenti 2.1.36 - Authenticated Remote Code Execution via Terminal API
CVSS 9.8
CVE-2020-36910
HIGH
Cayin Signage Media Player 3.0 - Command Injection
CVSS 8.8
Details
Vulnerabilities: 6,017
Exploit Likelihood: High