Weaknesses of type CWE-78
3,786 resultsCVE-2021-40410CRITICALAn OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] thEPSS 27.9%CVE-2021-40412CRITICALAn OScommand injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] theEPSS 27.5%CVE-2021-30358—Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from othEPSS 27.5%CVE-2024-27172CRITICALRemote Code ExecutionEPSS 26.8%CVE-2024-32937HIGHAn os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1EPSS 26.3%CVE-2021-47667CRITICALAn OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackeEPSS 26.3%CVE-2022-2486HIGHWAVLINK WN535K2/WN535K3 os command injectionEPSS 26.1%CVE-2025-34227HIGHNagios XI < 2026R1 Configuration Wizard Authenticated Command InjectionEPSS 25.9%CVE-2023-30013CRITICALTOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. ThiEPSS 25.9%CVE-2019-5128CRITICALA command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. ExploitableEPSS 25.7%CVE-2024-0918HIGHTRENDnet TEW-800MB POST Request os command injectionEPSS 25.4%CVE-2025-34036CRITICALShenzhen TVT CCTV-DVR Command InjectionEPSS 25.3%CVE-2024-7468MEDIUMRaisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_service_manage.php sslvpn_config_mod os command injectionEPSS 24.9%CVE-2024-7469MEDIUMRaisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_vpn_web_custom.php sslvpn_config_mod os command injectionEPSS 24.9%CVE-2024-7470MEDIUMRaisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface vpn_template_style.php sslvpn_config_mod os command injectionEPSS 24.9%CVE-2012-5863—Sinapsi eSolar OS Command InjectionEPSS 24.8%CVE-2025-5965HIGHRCE via the backup feature available only to user with high privilegeEPSS 24.8%CVE-2025-60787HIGHMotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user iEPSS 24.7%CVE-2021-3708—D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the loEPSS 24.6%CVE-2018-19949CRITICALIf exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue EPSS 24.4%KEV