CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,964 vulnerabilities with CWE-78
CVE-2026-0758
HIGH
mcp-server-siri-shortcuts - Command Injection, Privilege Escalation
CVSS 7.8
CVE-2026-0757
HIGH
MCP Manager for Claude Desktop - Command Injection
CVSS 8.8
CVE-2026-0756
CRITICAL
github-kanban-mcp-server - Command Injection
CVSS 9.8
CVE-2026-0755
CRITICAL
gemini-mcp-tool - Command Injection
CVSS 9.8
CVE-2026-24129
HIGH
Runtipi >=3.7.0 - Command Injection
CVSS 8.0
CVE-2026-1324
HIGH
Sangfor O&M Security Management System <= 3.0.12 - OS Command Injection
CVSS 8.8
CVE-2026-23699
HIGH
AP180 series < AP_RGOS 11.9(4)B1P8 - OS Command Injection
CVSS 7.2
CVE-2026-22844
CRITICAL
Zoom Node Multimedia Routers <5.2.1716.0 - Command Injection
CVSS 9.9
CVE-2026-20759
HIGH
TOA Corporation Multiple Network Cameras TRIFORA 3 series - Authenticated OS Command Injection
CVSS 8.8
CVE-2026-23520
CRITICAL
Arcane < 1.13.0 - Authenticated OS Command Injection via Lifecycle Label
CVSS 9.0
CVE-2026-22265
HIGH
Roxy-WI <8.2.8.2 - Command Injection
CVSS 7.5
CVE-2026-22708
CRITICAL
Cursor < 2.3 - Environment Variable Manipulation via Shell Built-in Execution
CVSS 9.8
CVE-2026-22718
MEDIUM
VSCode extension for Spring CLI - Command Injection
CVSS 6.8
CVE-2026-21267
HIGH
Dreamweaver Desktop <21.6 - Code Injection
CVSS 8.6
CVE-2026-0507
HIGH
SAP Application Server for ABAP - Command Injection
CVSS 8.4
CVE-2026-22781
CRITICAL
TinyWeb < 1.98 - Unauthenticated OS Command Injection via CGI ISINDEX Query Parameters
CVSS 9.8
CVE-2026-0855
HIGH
Merit LILIN P2 P3 Z7 P6 V1 IPD IPR LD LR - Authenticated OS Command Injection
CVSS 8.8
CVE-2026-0854
HIGH
Merit LILIN DVR/NVR - Authenticated OS Command Injection
CVSS 8.8
CVE-2026-0830
HIGH
Kiro IDE <0.6.18 - Command Injection
CVSS 7.8
CVE-2026-22035
HIGH
Greenshot < 1.3.311 - OS Command Injection via Filename Processing
CVSS 7.7
CVE-2025-66279
HIGH
QNAP Systems - QTS, QuTS Hero
CVSS 7.2
CVE-2025-66273
HIGH
QNAP Systems - QTS, QuTS Hero
CVSS 7.2
CVE-2025-69755
HIGH
Neterbit NW-431F Router vNW-431F-20241014-IR03 - RCE & Info Disclosure via at_command.asp
CVSS 8.2
CVE-2025-67447
CRITICAL
Neterbit NW-431F Router 20241014-IR03 and before - OS Command Injection via Ping IP Address Field
CVSS 9.8
CVE-2025-41281
HIGH
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 7.8