CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,559 vulnerabilities with CWE-77
CVE-2025-14586 MEDIUM
TOTOLINK X5000R 9.1.0cu.2089_B20211224 - Command Injection
CVSS 6.3
CVE-2025-67728 CRITICAL
Fireshare < 1.3.0 - Remote Code Execution via Malicious Filename Upload
CVSS 9.8
CVE-2025-67508 HIGH
gardenctl < 2.12.0 - Command Injection via Malicious Credential Values in Non-POSIX Shells
CVSS 8.4
CVE-2025-64993 MEDIUM
TeamViewer DEX < 29.0 - Authenticated Command Injection via 1E-ConfigMgrConsoleExtensions
CVSS 6.8
CVE-2025-64992 MEDIUM
TeamViewer DEX < 25.0 - Authenticated Command Injection via 1E-Nomad-PauseNomadJobQueue
CVSS 6.8
CVE-2025-64991 MEDIUM
TeamViewer DEX < 15.0 - Authenticated Command Injection via 1E-PatchInsights-Deploy Instruction
CVSS 6.8
CVE-2025-64988 HIGH
TeamViewer DEX < 19.2 - Authenticated Command Injection via 1E-Nomad-GetCmContentLocations Instruction
CVSS 7.2
CVE-2025-64987 HIGH
TeamViewer DEX < 21.0 - Authenticated Command Injection via 1E-Explorer-TachyonCore-CheckSimpleIoC
CVSS 7.2
CVE-2025-64986 HIGH
TeamViewer DEX < 21.0 - Authenticated Command Injection via 1E-Explorer-TachyonCore-DevicesListeningOnAPort Instruction
CVSS 7.2
CVE-2025-14485 MEDIUM
EFM ipTIME A3004T <14.19.0 - Command Injection
CVSS 5.0
CVE-2025-67511 CRITICAL
CAI Framework <= 0.5.9 - Command Injection via run_ssh_command_with_credentials
CVSS 9.6
CVE-2025-65293 MEDIUM
Aqara Camera Hub G3 4.1.9_0027 - OS Command Injection via Malicious QR Code
CVSS 6.6
CVE-2025-65292 HIGH
Aqara Hub M2/M3/Camera Hub G3 - OS Command Injection via Malicious Domain Name
CVSS 7.3
CVE-2025-64671 HIGH
GitHub Copilot < 1.5.60-243 - Unauthenticated Command Injection
CVSS 8.4
CVE-2025-54100 HIGH
Windows PowerShell - Unauthenticated Command Injection
CVSS 7.8
CVE-2025-40937 HIGH
SIMATIC CN 4100 < 4.0.1 - Authenticated Command Injection via REST API
CVSS 8.3
CVE-2025-14276 MEDIUM
Ilevia EVE X1 Server <4.6.5.0.eden - Command Injection
CVSS 5.6
CVE-2025-65363 HIGH
Ruijie RG-AP720-L Firmware 11.1.0-11.1(9)B1P21 - Authenticated Command Injection via web_action.do Command Parameter
CVSS 7.2
CVE-2025-14225 MEDIUM
D-Link DCS-930L 1.15.04 - Command Injection
CVSS 6.3
CVE-2025-14208 MEDIUM
D-Link DIR-823X - Command Injection
CVSS 6.3
CVE-2025-14204 MEDIUM
TykoDev cherry-studio-TykoFork 0.1 - Code Injection
CVSS 6.3
CVE-2025-14188 HIGH
UGREEN DH2100+ <5.3.0.251125 - Command Injection
CVSS 7.2
CVE-2025-14184 MEDIUM
SGAI Space1 NAS N1211DS <1.0.915 - Command Injection
CVSS 6.3
CVE-2025-14108 HIGH
ZSPACE Q2C NAS < 1.1.0210050 - Remote Command Injection via zfilev2_api.OpenSafe
CVSS 8.8
CVE-2025-14107 HIGH
ZSPACE Q2C NAS < 1.1.0210050 - Remote Command Injection via SafeStatus safe_dir Parameter
CVSS 8.8