CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,559 vulnerabilities with CWE-77
CVE-2025-62222 HIGH
GitHub Copilot Chat < 0.32.5 - Remote Code Execution via Command Injection
CVSS 8.8
CVE-2025-62214 MEDIUM
Visual Studio 2022 17.14.0-17.14.16 - Authenticated Command Injection
CVSS 6.7
CVE-2025-9223 HIGH
Zohocorp ManageEngine Applications Manager <178100 - Command Injection
CVSS 8.8
CVE-2025-63296 MEDIUM
KERUI K259 Firmware v33.53.87 - Unauthenticated Remote Code Execution via Update Script Injection
CVSS 6.5
CVE-2025-12155 HIGH
Google Cloud Looker Command Injection via User Deletion
CVE-2025-12916 MEDIUM
Sangfor Operation And Maintenance Security Management System < 3.0.11 - Command Injection
CVSS 6.3
CVE-2025-46365 MEDIUM
Dell CloudLink <8.1.1 - Command Injection
CVSS 5.3
CVE-2025-61141 HIGH
sqls-server/sqls <0.2.28 - Command Injection
CVSS 7.5
CVE-2025-60595 HIGH
SPH Engineering UgCS 5.13.0 - Remote Code Execution
CVSS 8.2
CVE-2025-1549 MEDIUM
WatchGuard Mobile VPN with SSL <12.11.5 - Privilege Escalation
CVE-2025-12313 MEDIUM
D-Link DI-7001 MINI 19.09.19A1/24.04.18B1 - OS Command Injection via /msp_info.htm cmd Parameter
CVSS 6.3
CVE-2025-12296 MEDIUM
D-Link DAP-2695 2.00RC13 - OS Command Injection in Firmware Update Handler
CVSS 4.7
CVE-2025-60801 HIGH
jshERP < 2025-08-14 - Unauthenticated Remote Code Execution via jsh_erp Function
CVSS 8.2
CVE-2025-58428 CRITICAL
Veeder-Root TLS4B ATG SOAP Interface - Authenticated Remote Command Execution
CVSS 9.9
CVE-2025-54964 HIGH
BAE SOCET GXP < 4.6.0.2 - Remote Code Execution via GXP Job Service
CVSS 8.4
CVE-2025-41721 LOW
Sauter modulo 6 and EY-modulo 5 - OS Command Injection via OpenSSL Certificate Parameter
CVSS 2.7
CVE-2025-56799 MEDIUM
Reolink 8.18.12 - Command Injection via Crafted Folder Name
CVSS 6.5
CVE-2025-57521 MEDIUM
Bambu Studio <= 2.1.1.52 - Unauthenticated Remote Code Execution via Network Plugin Loading
CVSS 6.1
CVE-2025-10020 HIGH
ManageEngine ADManager Plus < 8024 - Authenticated Command Injection in Custom Script
CVSS 8.5
CVE-2025-62696 MEDIUM
Mediawiki Foundation - Springboard Extension - Command Injection
CVE-2025-57164 MEDIUM
Flowise < 3.0.6 - Remote Code Execution via Supabase RPC Filter Input
CVSS 6.5
CVE-2025-61514 MEDIUM
SageMath, Inc CoCalc <0d2ff58 - RCE
CVSS 6.5
CVE-2025-60855 MEDIUM
Reolink Video Doorbell WiFi DB_566128M5MP_W - RCE
CVSS 5.1
CVE-2025-58132 MEDIUM
Zoom Meeting SDK < 6.5.5 - Authenticated Command Injection
CVSS 4.1
CVE-2025-34267 CRITICAL
Flowise 3.0.1-3.0.8 - Remote Code Execution via Puppeteer/Playwright Path Injection
CVSS 9.9