CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,667 vulnerabilities with CWE-78
CVE-2026-6028
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
CVE-2026-6027
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setUrlFilterRules os command injection
CVSS 9.8
CVE-2026-6026
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection
CVSS 9.8
CVE-2026-6025
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setSyslogCfg os command injection
CVSS 9.8
CVE-2026-5997
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
CVSS 9.8
CVE-2026-5996
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
CVSS 9.8
CVE-2026-5995
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
CVSS 9.8
CVE-2026-5994
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection
CVSS 9.8
CVE-2026-5993
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection
CVSS 9.8
CVE-2026-40111
HIGH
PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
CVSS 8.8
CVE-2026-33791
MEDIUM
Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root
CVSS 6.7
CVE-2026-5978
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiAclRules os command injection
CVSS 9.8
CVE-2026-5977
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
CVSS 9.8
CVE-2026-5976
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setStorageCfg os command injection
CVSS 9.8
CVE-2026-5975
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setDmzCfg os command injection
CVSS 9.8
CVE-2026-5974
HIGH
FoundationAgents MetaGPT terminal.py Bash.run os command injection
CVSS 7.3
CVE-2026-5973
HIGH
FoundationAgents MetaGPT common.py get_mime_type os command injection
CVSS 7.3
CVE-2026-5972
HIGH
FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection
CVSS 7.3
CVE-2026-40088
CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
CVSS 9.6
CVE-2026-5854
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
CVSS 9.8
CVE-2026-5853
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injection
CVSS 9.8
CVE-2026-5852
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection
CVSS 9.8
CVE-2026-5851
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setUPnPCfg os command injection
CVSS 9.8
CVE-2026-5850
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setVpnPassCfg os command injection
CVSS 9.8
CVE-2026-5844
HIGH
D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection
CVSS 7.2
Details
Vulnerabilities
5,667
Exploit Likelihood
High