CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,969 vulnerabilities with CWE-78
CVE-2024-51378
CRITICAL
KEV
CyberPanel < 2.3.8 - Unauthenticated OS Command Injection via DNS/FTP getresetstatus Endpoint
CVSS 10.0
CVE-2024-41153
HIGH
Hitachi Energy TRO600 Series Firmware 9.1.0.0-9.2.0.5 - Authenticated OS Command Injection via Edge Computing UI
CVSS 7.2
CVE-2024-22065
MEDIUM
ZTE MF258 Pro Firmware - Authenticated OS Command Injection via Ping Diagnosis Interface
CVSS 6.8
CVE-2024-48826
HIGH
Tenda AC7 15.03.06.44 - Unauthenticated OS Command Injection via ate_iwpriv_set
CVSS 8.8
CVE-2024-48825
HIGH
Tenda AC7 15.03.06.44 - Unauthenticated OS Command Injection via ate_ifconfig_set
CVSS 8.8
CVE-2024-48074
HIGH
DrayTek Vigor2960 Firmware 1.4.4 - Authenticated Remote Code Execution via table Parameter in doPPPoE Function
CVSS 8.0
CVE-2024-47821
CRITICAL
pyload < 0.5.0b3.dev87 - Remote Code Execution via Script Folder Download
CVSS 9.1
CVE-2024-37845
HIGH
MangoOS < 5.2.0 - Authenticated Remote Code Execution via Active Process Command
CVSS 7.2
CVE-2024-48459
HIGH
Shenzhen Tenda Technology Co., Ltd. - Command Injection
CVSS 7.3
CVE-2024-49380
HIGH
Plenti < 0.7.2 - Arbitrary File Write and Remote Code Execution via /postLocal Endpoint
CVSS 7.5
CVE-2024-45242
HIGH
EnGenius ENH1350EXT - Command Injection
CVSS 7.8
CVE-2024-48964
HIGH
Snyk CLI < 1.1294.0 - Code Injection via Gradle Project Directory Handling
CVSS 7.5
CVE-2024-48963
HIGH
Snyk CLI < 1.1294.0 - Code Injection via Current Working Directory Name
CVSS 7.5
CVE-2024-20424
CRITICAL
Cisco Secure Firewall Management Center - RCE
CVSS 9.9
CVE-2024-20275
MEDIUM
Cisco Secure Firewall Management Center - RCE
CVSS 6.1
CVE-2024-47901
CRITICAL
Siemens InterMesh 7177 Hybrid 2.0 < 8.2.12 & 7707 Fire < 7.2.12 - RCE via Web Server GET Request
CVSS 10.0
CVE-2024-10202
HIGH
Administrative Management System - Command Injection
CVSS 8.8
CVE-2024-10119
CRITICAL
SECOM WRTM326 Firmware - Unauthenticated Remote Command Execution
CVSS 9.8
CVE-2024-10118
CRITICAL
SECOM WRTR-304GN-304TW-UPSC - Command Injection
CVSS 9.8
CVE-2024-49281
MEDIUM
Click to Chat - WP Support All-in-One Floating Widget <= 2.3.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-48638
HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SubnetMask Parameter
CVSS 8.0
CVE-2024-48637
HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetVLANSettings VLANID Parameter
CVSS 8.0
CVE-2024-48636
HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetVLANSettings VLANID Parameter
CVSS 8.0
CVE-2024-48635
HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetVLANSettings VLANID Parameter
CVSS 8.0
CVE-2024-48634
HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetWLanRadioSecurity Key Parameter
CVSS 8.0
Details
Vulnerabilities: 5,969
Exploit Likelihood: High