CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,559 vulnerabilities with CWE-77
CVE-2025-24818 HIGH
An OS Command Injection vulnerability in Nokia MantaRay NM
CVSS 8.0
CVE-2025-15379 CRITICAL
Command Injection in mlflow/mlflow
CVSS 9.8
CVE-2025-15607 CRITICAL
Authenticated Command Injection in mcsd Service of TP-Link Archer AX53
CVSS 9.8
CVE-2025-14031 HIGH
IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service
CVSS 7.5
CVE-2025-52365 HIGH
ccurtsinger/stabilizer szc - Command Injection
CVSS 7.8
CVE-2025-33181 HIGH
NVIDIA Cumulus Linux/NVOS - Command Injection
CVSS 7.3
CVE-2025-33180 HIGH
NVIDIA Cumulus Linux/NVOS - Command Injection
CVSS 8.0
CVE-2025-33249 HIGH
NVIDIA NeMo Framework - Code Injection
CVSS 7.8
CVE-2025-33246 HIGH
NVIDIA NeMo Framework - Command Injection
CVSS 7.8
CVE-2025-70093 HIGH
OpenSourcePOS 3.4.1 - Remote Code Execution via Crafted AJAX Response
CVSS 7.4
CVE-2025-70296 MEDIUM
Mealie 3.3.1-3.7.9 - Authenticated Stored HTML Injection in Recipe Notes Renderer
CVSS 5.4
CVE-2025-59818 CRITICAL
TCIS-3 Firmware < 9.2.3.3 - Authenticated OS Command Injection via Uploaded File Name
CVSS 10.0
CVE-2025-24293 CRITICAL
Rubygems Activestorage < 8.0.2.1 - Command Injection
CVE-2025-26385 CRITICAL
Johnson Controls Metasys - Command Injection
CVE-2025-14756 HIGH
TP-Link Archer MR600 v5 - Command Injection
CVSS 8.8
CVE-2025-15367 MEDIUM
CPython < 3.15.0a6 - Command Injection via Newline in POP3 Command
CVE-2025-15366 MEDIUM
CPython < 3.15.0a6 - Command Injection via IMAP Command Newline Injection
CVE-2025-60021 CRITICAL
Apache bRPC < 1.15.0 - Remote Command Injection via Heap Profiler extra_options Parameter
CVSS 9.8
CVE-2025-37176 MEDIUM
ArubaOS 8.6.0.0-8.10.0.21 - Authenticated Command Injection via Package Header
CVSS 6.5
CVE-2025-15502 HIGH
Sangfor OMS <= 3.0.8 - OS Command Injection via Hostname Parameter
CVSS 7.3
CVE-2025-15501 CRITICAL
Sangfor OMS <= 3.0.8 - OS Command Injection via WriterHandle.getCmd
CVSS 9.8
CVE-2025-15500 CRITICAL
Sangfor Operation and Maintenance Management System <= 3.0.8 - OS Command Injection via sessionPath Parameter
CVSS 9.8
CVE-2025-15499 HIGH
Sangfor O&M Management System <=3.0.8 - OS Command Injection via uploadCN Filename
CVSS 8.8
CVE-2025-66715 MEDIUM
Axtion ODIS < 1.8.4 - Remote Code Execution via DLL Hijacking
CVSS 6.5
CVE-2025-70161 CRITICAL
EDIMAX BR-6208AC V2_1.02 - OS Command Injection via pppUserName Field
CVSS 9.8