CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,559 vulnerabilities with CWE-77
CVE-2025-37146
HIGH
HPE ArubaOS Web Management Interface - Authenticated Remote Command Execution
CVSS 7.2
CVE-2025-37138
MEDIUM
ArubaOS 8.10.0.0-8.10.0.18 - Authenticated Command Injection via CLI Binary
CVSS 6.2
CVE-2025-37134
HIGH
ArubaOS 8.10.0.0-8.10.0.18 - Authenticated Command Injection in CLI Binary
CVSS 7.2
CVE-2025-37133
HIGH
ArubaOS 8.10.0.0-8.10.0.18 - Authenticated Command Injection in CLI Binary
CVSS 7.2
CVE-2025-11665
MEDIUM
D-Link DAP-2695 2.00RC131 - OS Command Injection in Firmware Update Handler
CVSS 4.7
CVE-2025-60838
MEDIUM
MCMS < 6.0.1 - Arbitrary File Upload and Remote Code Execution
CVSS 6.5
CVE-2025-60268
MEDIUM
JeeWMS 20250820 - Authenticated Arbitrary File Upload and Remote Code Execution via saveFiles Function
CVSS 6.5
CVE-2025-59286
CRITICAL
Microsoft 365 Copilot Chat - Command Injection
CVSS 9.3
CVE-2025-59272
CRITICAL
Microsoft 365 Copilot Chat - Information Disclosure via Command Injection
CVSS 9.3
CVE-2025-59252
CRITICAL
Microsoft 365 Word Copilot - Command Injection
CVSS 9.3
CVE-2025-56426
MEDIUM
Bagisto 2.3.6 - Remote Code Execution via Cart/Checkout API Price Calculation
CVSS 6.5
CVE-2025-11523
MEDIUM
Tenda AC7 15.03.06.44 - OS Command Injection via lanIp Parameter
CVSS 6.3
CVE-2025-11491
MEDIUM
wonderwhy-er DesktopCommanderMCP <= 0.2.13 - OS Command Injection in CommandManager
CVSS 6.3
CVE-2025-11490
MEDIUM
wonderwhy-er DesktopCommanderMCP <= 0.2.13 - OS Command Injection in Absolute Path Handler
CVSS 6.3
CVE-2025-11488
HIGH
D-Link DIR-852 <20251002 - Command Injection
CVSS 7.3
CVE-2025-61787
HIGH
Deno < 2.2.15 and 2.3.0-2.5.2 - Command Injection via Windows Batch File Execution
CVSS 8.1
CVE-2025-11407
MEDIUM
D-Link DI-7001 MINI 24.04.18B1 - Code Injection
CVSS 6.3
CVE-2025-11335
MEDIUM
D-Link DI-7100G C1 <20250928 - Command Injection
CVSS 4.7
CVE-2025-11331
MEDIUM
ideacms < 1.8 - Remote Command Injection via Website Name Handler
CVSS 4.7
CVE-2025-11303
MEDIUM
Belkin F9K1015 1.00.10 - Command Injection
CVSS 6.3
CVE-2025-11298
MEDIUM
Belkin F9K1015 1.00.10 - Command Injection
CVSS 6.3
CVE-2025-11292
MEDIUM
Belkin F9K1015 1.00.10 - Command Injection
CVSS 6.3
CVE-2025-11285
MEDIUM
samanhappy MCPHub <0.9.10 - Command Injection
CVSS 6.3
CVE-2025-59741
CRITICAL
AndSoft e-TMS 25.03 - OS Command Injection via 'm' Parameter in LOGINERRORFRM.ASP
CVSS 9.8
CVE-2025-59740
CRITICAL
AndSoft e-TMS 25.03 - OS Command Injection via 'm' Parameter in LOGINFRM_CAT.ASP
CVSS 9.8
Details
Vulnerabilities: 3,559
Exploit Likelihood: High