CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,964 vulnerabilities with CWE-78
CVE-2026-2847
HIGH
UTT HiPER 520 1.7.7-160105 - Command Injection
CVSS 7.2
CVE-2026-2846
HIGH
UTT HiPER 520 1.7.7-160105 - Command Injection
CVSS 7.2
CVE-2026-26323
HIGH
OpenClaw 2026.1.8-2026.2.13 - Command Injection
CVSS 8.8
CVE-2026-27476
CRITICAL
RustFly 2.0.0 - OS Command Injection via UDP Remote Control
CVSS 9.8
CVE-2026-26318
HIGH
systeminformation <5.31.0 - Command Injection
CVSS 8.8
CVE-2026-26280
HIGH
systeminformation <5.30.8 - Command Injection
CVSS 8.4
CVE-2026-26189
MEDIUM
Trivy Action 0.31.0-0.33.1 - Command Injection
CVSS 5.9
CVE-2026-2686
CRITICAL
SECCN Dingcheng G10 3.1.0.181203 - Command Injection
CVSS 9.8
CVE-2026-2670
HIGH
Advantech WISE-6610 1.2.1 - Command Injection
CVSS 7.2
CVE-2026-27175
CRITICAL
MajorDoMo - Unauthenticated OS Command Injection via rc/index.php Race Condition
CVSS 9.8
CVE-2026-2629
HIGH
jishi node-sonos-http-api - Command Injection
CVSS 7.3
CVE-2026-2630
HIGH
Tenable Security Center - Command Injection
CVSS 8.8
CVE-2026-2560
MEDIUM
kalcaddle kodbox <1.64.05 - Command Injection
CVSS 6.3
CVE-2026-2544
HIGH
yued-fe LuLu UI <3.0.0 - Command Injection
CVSS 7.3
CVE-2026-25108
HIGH
KEV
FileZen 4.2.1-5.0.10 - Authenticated OS Command Injection via Antivirus Check Option
CVSS 8.8
CVE-2026-26068
CRITICAL
emp3r0r <3.21.1 - Command Injection, Remote Code Execution
CVSS 9.9
CVE-2026-25828
MEDIUM
grub-btrfs <2026-01-31 - Command Injection
CVSS 5.4
CVE-2026-25933
MEDIUM
Arduino App Lab <0.4.0 - Info Disclosure
CVSS 6.8
CVE-2026-26029
HIGH
sf-mcp-server < 1.0.3 - OS Command Injection via Salesforce CLI Command Construction
CVSS 7.5
CVE-2026-26009
CRITICAL
Catalyst Server Templates - Root Shell Command Execution
CVSS 9.9
CVE-2026-0652
HIGH
TP-Link Tapo C260 Firmware < 1.1.9 - Authenticated OS Command Injection via Configuration Synchronization
CVSS 8.8
CVE-2026-2260
HIGH
D-Link DCS-931L < 1.13.00 - OS Command Injection via AdminID Parameter
CVSS 7.2
CVE-2026-2210
HIGH
D-Link DIR-823X 250416 - OS Command Injection via /goform/set_filtering
CVSS 7.2
CVE-2026-2188
HIGH
UTT 521G Firmware 3.1.1-190816 - OS Command Injection via policyNames Argument
CVSS 7.2
CVE-2026-2184
HIGH
Great Developers Certificate Generation System - OS Command Injection
CVSS 7.3
Details
Vulnerabilities: 5,964
Exploit Likelihood: High