CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,559 vulnerabilities with CWE-77
CVE-2025-59739 CRITICAL
AndSoft e-TMS 25.03 - OS Command Injection via 'm' Parameter in LOGINFRM_original.ASP
CVSS 9.8
CVE-2025-59738 CRITICAL
AndSoft e-TMS 25.03 - OS Command Injection via 'm' Parameter in /clt/LOGINFRM_BET.ASP
CVSS 9.8
CVE-2025-59737 CRITICAL
AndSoft e-TMS 25.03 - OS Command Injection via 'm' Parameter in /clt/LOGINFRM_LXA.ASP
CVSS 9.8
CVE-2025-59736 CRITICAL
AndSoft e-TMS 25.03 - OS Command Injection via 'm' Parameter in /clt/LOGINFRM_DJO.ASP
CVSS 9.8
CVE-2025-59735 CRITICAL
AndSoft e-TMS 25.03 - OS Command Injection via 'm' Parameter in /clt/LOGINFRM.ASP
CVSS 9.8
CVE-2025-59337 MEDIUM
Discourse < 3.5.1 - Command Injection via Backup Restore
CVSS 6.8
CVE-2025-61045 CRITICAL
TOTOLINK X18 V9.1.0cu.2053_B20230309 - Command Injection
CVSS 9.8
CVE-2025-61044 CRITICAL
TOTOLINK X18 V9.1.0cu.2053_B20230309 - Command Injection
CVSS 9.8
CVE-2025-61584 CRITICAL
serverless-dns <0.1.30 - Command Injection
CVE-2025-41250 HIGH
VMware vCenter 8.0-8.0 U3g, 7.0-7.0 U3w - SMTP Header Injection via Scheduled Task Notifications
CVSS 8.5
CVE-2025-11141 MEDIUM
Ruijie NBR2100G-E < 20250919 - OS Command Injection via city Parameter
CVSS 4.7
CVE-2025-11138 MEDIUM
mirweiye wenkucms <3.4 - Code Injection
CVSS 6.3
CVE-2025-11121 MEDIUM
Tenda AC18 15.03.05.19 - Command Injection
CVSS 6.3
CVE-2025-11100 MEDIUM
D-Link DIR-823X - Command Injection
CVSS 6.3
CVE-2025-11099 MEDIUM
D-Link DIR-823X 250416 - Command Injection
CVSS 6.3
CVE-2025-11098 MEDIUM
D-Link DIR-823X 250416 - Command Injection
CVSS 6.3
CVE-2025-11097 MEDIUM
D-Link DIR-823X - Command Injection
CVSS 6.3
CVE-2025-11096 MEDIUM
D-Link DIR-823X 250416 - Command Injection
CVSS 6.3
CVE-2025-11095 MEDIUM
D-Link DIR-823X 250416 - Command Injection
CVSS 6.3
CVE-2025-11092 MEDIUM
D-Link DIR-823X 250416 - Command Injection
CVSS 6.3
CVE-2025-11073 MEDIUM
Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO - Command Injection
CVSS 4.7
CVE-2025-11045 HIGH
WAYOS LQ_04, LQ_05, LQ_06, LQ_07, LQ_09 22.03.17 - OS Command Injection via Name Parameter
CVSS 7.3
CVE-2025-55848 HIGH
D-Link DIR-823X Firmware 20250416 - http_casswd Command Injection
CVSS 8.8
CVE-2025-56769 MEDIUM
hutool < 5.8.40 - Remote Code Execution via QLExpressEngine
CVSS 6.5
CVE-2025-59817 HIGH
Zenitel TCIS-3+ <9.2.3.3 Web Portal - Root Command Execution
CVSS 8.4
Details
Vulnerabilities: 3,559
Exploit Likelihood: High