CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,945 vulnerabilities with CWE-78
CVE-2026-46394
HIGH
Haxtheweb Haxcms-php < 26.0.0 - Remote Code Execution
CVE-2026-49492
HIGH
Markdown Preview Enhanced OS Command Injection in External File and Link Opening
CVSS 8.8
CVE-2026-45750
CRITICAL
Termix Vulnerable to Arbitrary Command Execution in File Manager
CVSS 9.0
CVE-2026-45748
CRITICAL
Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection
CVSS 9.8
CVE-2026-45744
CRITICAL
Termix <2.3.2 File Manager resolvePath - OS Command Injection
CVSS 9.9
CVE-2026-11341
MEDIUM
D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection
CVSS 6.3
CVE-2026-21837
HIGH
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API
CVSS 8.8
CVE-2026-10873
HIGH
Shibby Tomato Web UI rstats rstats_path os command injection
CVSS 7.2
CVE-2026-10872
HIGH
Shibby Tomato Web UI rc start_vpnserver os command injection
CVSS 7.2
CVE-2026-10871
HIGH
Shibby Tomato Web UI rc start_6rd_tunnel os command injection
CVSS 7.2
CVE-2026-10870
HIGH
Shibby Tomato Web UI rc start_dhcpc os command injection
CVSS 7.2
CVE-2026-10796
HIGH
nvm executes commands from a malicious Node.js mirror's version strings
CVSS 7.5
CVE-2026-35906
CRITICAL
T3 Technology CPE T625Pro 1.0.07 and T6825G 1.0.03 - Unauthenticated Remote Code Execution via Debug CGI Endpoint
CVSS 9.6
CVE-2026-45431
HIGH
GX Earth ONT Models - Authenticated OS Command Injection
CVE-2026-3820
HIGH
Supermicro AS-2115HS-TNR BMC SMTP - OS Command Injection
CVSS 7.2
CVE-2026-50206
MEDIUM
Acer Connect M6E 5G Portable WiFi Router < M6E_AI_1.00.000019 - Command Injection
CVSS 6.8
CVE-2026-49190
HIGH
Acer Connect M6E 5G Portable WiFi Router - Missing Per-Instruction Authorization Checks
CVSS 8.8
CVE-2026-10805
MEDIUM
Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend
CVSS 6.7
CVE-2026-49185
CRITICAL
Acer Connect M6E 5G Portable WiFi Router - Instruction Injection via FieldX MDM
CVSS 9.8
CVE-2026-41010
HIGH
Cloud Foundry Foundation Bosh Director < 282.1.12 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 8.2
CVE-2026-41011
HIGH
Cloud Foundry Foundation Bosh < 282.1.12 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 8.2
CVE-2026-36576
CRITICAL
openlabs docker-wkhtmltopdf-aas - OS Command Injection via Crafted POST Request
CVSS 9.8
CVE-2026-47294
HIGH
Microsoft Office SharePoint - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.0
CVE-2026-10279
MEDIUM
hiraishikentaro wezterm-mcp 0.1.0 - OS Command Injection via Pane ID Argument
CVSS 6.3
CVE-2026-10273
HIGH
php-censor Webhook Endpoint GitBuild.php os command injection
CVSS 7.3
Details
Vulnerabilities: 5,945
Exploit Likelihood: High