CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,559 vulnerabilities with CWE-77
CVE-2025-59815
HIGH
Zenitel ICX500 and ICX510 < 1.4.3.3 - OS Command Injection
CVSS 8.4
CVE-2025-10964
MEDIUM
Wavlink NU516U1 Firmware - OS Command Injection via remoteManagementEnabled Parameter
CVSS 6.3
CVE-2025-29157
MEDIUM
Swagger Petstore 1.0.7 - Information Disclosure via Non-Existent Endpoint
CVSS 6.5
CVE-2025-10963
MEDIUM
Wavlink NU516U1 M16U1_V240425 - OS Command Injection via del_flag Parameter
CVSS 6.3
CVE-2025-10962
MEDIUM
Wavlink NU516U1 M16U1_V240425 - OS Command Injection via SetName Page mac_5g Parameter
CVSS 6.3
CVE-2025-29155
MEDIUM
Swagger Petstore 1.0.7 - Remote Code Execution via DELETE Endpoint
CVSS 6.5
CVE-2025-10961
MEDIUM
Wavlink NU516U1 M16U1_V240425 - OS Command Injection via Delete_Mac_list Page
CVSS 5.5
CVE-2025-10960
MEDIUM
Wavlink NU516U1 M16U1_V240425 - OS Command Injection via DeleteMac Page delete_list Parameter
CVSS 6.3
CVE-2025-10959
MEDIUM
Wavlink NU516U1 M16U1_V240425 - OS Command Injection via dmz_flag Argument
CVSS 6.3
CVE-2025-10958
MEDIUM
Wavlink NU516U1 M16U1_V240425 - OS Command Injection via AddMac Page macAddr Parameter
CVSS 6.3
CVE-2025-59834
CRITICAL
srmorete adb_mcp_server < 0.1.0 - OS Command Injection in MCP Server Tool Implementation
CVSS 9.8
CVE-2025-59831
HIGH
git-commiters < 0.1.2 - OS Command Injection via Unsanitized Options
CVSS 8.8
CVE-2025-20334
HIGH
Cisco IOS XE Software RCE via HTTP API Subsystem
CVSS 8.8
CVE-2025-45326
MEDIUM
PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 - Remote Code Execution via submit_size.php
CVSS 6.5
CVE-2025-29083
MEDIUM
CSZ-CMS 1.3.0 - Remote Code Execution via Plugin_Manager.php execSqlFile Function
CVSS 6.5
CVE-2025-10814
MEDIUM
D-Link DIR-823X 240126/240802/250416 - OS Command Injection via Goahead Port Argument
CVSS 6.3
CVE-2025-57685
HIGH
LB-Link routers - Command Injection
CVSS 8.8
CVE-2025-43953
HIGH
2wcom IP-4c 2.16 - Authenticated Remote Code Execution via Ping or Traceroute Field
CVSS 8.8
CVE-2025-10775
MEDIUM
Wavlink WL-NU516U1 240425 - OS Command Injection via login.cgi ipaddr Parameter
CVSS 4.7
CVE-2025-10774
MEDIUM
Ruijie 6000-E10 <2.4.3.6-20171117 - Code Injection
CVSS 4.7
CVE-2025-10767
MEDIUM
CosmodiumCS OnlyRAT <3.2 - Code Injection
CVSS 4.5
CVE-2025-59689
MEDIUM
KEV
Libraesva ESG 4.5-5.5.x - OS Command Injection via Compressed Email Attachment
CVSS 6.1
CVE-2025-57296
MEDIUM
Tenda AC6 Firmware 15.03.05.19 - Command Injection via SetIPTVCfg vlanId Parameter
CVSS 6.5
CVE-2025-10035
CRITICAL
KEV
Fortra GoAnywhere MFT < 7.6.3 - Deserialization of Untrusted Data via License Servlet
CVSS 10.0
CVE-2025-57293
HIGH
COMFAST CF-XR11 Firmware V2.7.2 - OS Command Injection via multi_pppoe API phy_interface Parameter
CVSS 8.8
Details
Vulnerabilities: 3,559
Exploit Likelihood: High