All CosmicBytez Labs articles tagged #CWE-78, across news, security advisories, how-to guides, and projects.
A command injection vulnerability in WebdriverIO below version 9.24.0 allows remote code execution through malicious git branch names containing shell...
Dokploy versions 0.26.6 and below contain a critical OS command injection vulnerability in the appName parameter, enabling unauthenticated remote code...
A critical OS command injection flaw in Universal Robots PolyScope Dashboard Server (CVSS 9.8) allows unauthenticated attackers to execute arbitrary...
A critical CVSS 9.8 OS command injection vulnerability in the Totolink A8000RU router allows unauthenticated remote attackers to execute arbitrary...
A critical remote code execution vulnerability in the simple-git npm package allows attackers to inject arbitrary git config options via the --config...
A critical unauthenticated command injection vulnerability in the Tianxin Internet Behavior Management System's Reporter component allows attackers to...
A critical command injection vulnerability in mlflow/mlflow allows attackers to execute arbitrary shell commands by embedding metacharacters in the...
The command auto-approval module in Axon Code contains an OS Command Injection vulnerability. An incompatible Unix-based shell-quote parser is used on...
A critical chain of vulnerabilities in WWBN AVideo's CloneSite plugin allows fully unauthenticated attackers to achieve remote code execution via key...
OpenEMR versions prior to 8.0.0.2 contain a CVSS 9.1 command injection vulnerability in the backup functionality. Authenticated attackers with high...
A high-severity OS command injection vulnerability (CVSS 9.1) in the Angeet ES3 KVM switch allows authenticated attackers to execute arbitrary OS-level...