CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,559 vulnerabilities with CWE-77
CVE-2025-37162 MEDIUM
ArubaOS < 10.7.2.0 - Authenticated Command Injection via Command Line Interface
CVSS 6.5
CVE-2025-63749 MEDIUM
pnetlab <5.3.11 - Command Injection
CVSS 6.5
CVE-2025-37163 HIGH
Aruba Airwave < 8.3.0.5 - Authenticated OS Command Injection via Command Line Interface
CVSS 7.2
CVE-2025-63258 MEDIUM
H3C ERG3/ERG5 and XiaoBei Routers - Remote Code Execution via SessionID Parameter Injection
CVSS 6.5
CVE-2025-63604 MEDIUM
baryhuang/mcp-server-aws-resources-python 0.1.0 - Code Injection
CVSS 6.5
CVE-2025-63603 MEDIUM
MCP Data Science Server 0.1.6 - Command Injection
CVSS 6.5
CVE-2025-13306 MEDIUM
D-Link DWR-M920, DWR-M921, DIR-822K, and DIR-825M - OS Command Injection via host Parameter
CVSS 6.3
CVE-2025-6945 LOW
GitLab 17.8-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Information Disclosure via Merge Request Comment Prompt Injection
CVSS 3.5
CVE-2025-60702 MEDIUM
TOTOLINK A950RG Router V5.9c.4592_B20191022_ALL - Command Injection
CVSS 6.5
CVE-2025-63406 HIGH
GroupOffice < 25.0.47 and 6.8.136 - FunctionField eval Code Execution
CVSS 8.8
CVE-2025-60676 MEDIUM
D-Link DIR-878A1 - Command Injection
CVSS 6.5
CVE-2025-60675 MEDIUM
D-Link DIR-823G <DIR823G_V1.0.2B05_20181207.bin - Command Injection
CVSS 5.4
CVE-2025-60673 MEDIUM
D-Link DIR-878A1 - Command Injection
CVSS 6.5
CVE-2025-60672 MEDIUM
D-Link DIR-878A1 - Command Injection
CVSS 6.5
CVE-2025-60701 MEDIUM
D-Link DIR-882 Router <DIR882A1_FW102B02 - Command Injection
CVSS 6.5
CVE-2025-60700 MEDIUM
D-Link DIR-882 Router - Command Injection
CVSS 6.5
CVE-2025-60698 HIGH
D-Link DIR-882 Router <DIR882A1_FW102B02 - Command Injection
CVSS 7.3
CVE-2025-60697 HIGH
D-Link DIR-882 Router <DIR882A1_FW102B02 - Command Injection
CVSS 7.3
CVE-2025-60671 MEDIUM
D-Link DIR-823G <DIR823G_V1.0.2B05_20181207.bin - Command Injection
CVSS 5.4
CVE-2025-60689 MEDIUM
Linksys E1200 v2 - Command Injection
CVSS 5.4
CVE-2025-60687 MEDIUM
ToToLink LR1200GB Router V9.1.0u.6619_B20230130 - Command Injection
CVSS 6.5
CVE-2025-60683 MEDIUM
ToToLink A720R Router V4.1.5cu.614_B20230630 - Command Injection
CVSS 6.5
CVE-2025-60682 MEDIUM
ToToLink A720R Router V4.1.5cu.614_B20230630 - Command Injection
CVSS 6.5
CVE-2025-46428 HIGH
Dell SmartFabric OS10 <10.6.1.0 - Command Injection
CVSS 8.8
CVE-2025-46427 HIGH
Dell SmartFabric OS10 <10.6.1.0 - Command Injection
CVSS 8.8