CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,559 vulnerabilities with CWE-77
CVE-2025-10689 MEDIUM
D-Link DIR-645 105B01 - OS Command Injection via soapcgi_main Service Argument
CVSS 6.3
CVE-2025-55911 MEDIUM
ClipBucket 5.5.2 Build 90 file_downloader.php - Remote Command Execution
CVSS 6.5
CVE-2025-10634 MEDIUM
D-Link DIR-823X 240126/240802/250416 - OS Command Injection via Environment Variable Handler
CVSS 6.3
CVE-2025-10629 MEDIUM
D-Link DIR-852 1.00CN B09 - Remote Command Injection via SSDP ST Argument
CVSS 6.3
CVE-2025-10628 MEDIUM
D-Link DIR-852 1.00CN B09 - OS Command Injection via Web Management Interface
CVSS 6.3
CVE-2025-10619 MEDIUM
sequa-mcp < 1.0.14 - OS Command Injection via OAuth Server Discovery
CVSS 6.3
CVE-2025-59458 HIGH
JetBrains Junie < 243.284.50 - Remote Code Execution via Improper Command Validation
CVSS 8.3
CVE-2025-56706 HIGH
Edimax BR-6473AX v1.0.28 - Remote Code Execution via Object Parameter in openwrt_getConfig Function
CVSS 8.0
CVE-2025-52053 CRITICAL
TOTOLINK X6000R V9.4.0cu.1360_B20241207 - Unauthenticated Command Injection via file_name Parameter
CVSS 9.8
CVE-2025-59376 LOW
feisky mcp-kubernetes-server < 0.1.11 - Command Injection via Chained Command Bypass
CVSS 3.7
CVE-2025-10442 MEDIUM
Tenda AC9 and AC15 15.03.05.14 - OS Command Injection via formexeCommand
CVSS 6.3
CVE-2025-10441 MEDIUM
D-Link DI-8100G, DI-8200G, DI-8003G 17.12.20A1/19.12.10A1 - Command I...
CVSS 6.3
CVE-2025-10440 MEDIUM
D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003, DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1 - OS Command Injection
CVSS 6.3
CVE-2025-10401 MEDIUM
D-Link DIR-823x Firmware < 250416 - OS Command Injection via diag_ping target_addr Parameter
CVSS 6.3
CVE-2025-10359 HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via wireless.cgi macAddr Parameter
CVSS 7.3
CVE-2025-10358 HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via wireless.cgi DeleteMac Parameter
CVSS 7.3
CVE-2025-10328 MEDIUM
sourcefabric/rpi-jukebox-rfid < 2.8.0 - OS Command Injection via File Parameter in playsinglefile.php
CVSS 6.3
CVE-2025-10327 MEDIUM
sourcefabric rpi-jukebox-rfid < 2.8.0 - OS Command Injection via Playlist Parameter
CVSS 6.3
CVE-2025-10326 MEDIUM
sourcefabric rpi-jukebox-rfid < 2.8.0 - OS Command Injection via Playlist Parameter
CVSS 6.3
CVE-2025-10325 MEDIUM
Wavlink WL-WN578W2 221110 - OS Command Injection via login.cgi ipaddr Parameter
CVSS 6.3
CVE-2025-10324 HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via firewall.cgi Parameter Manipulation
CVSS 7.3
CVE-2025-10323 HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via sel_EncrypTyp Parameter
CVSS 7.3
CVE-2025-10364 CRITICAL
Evertz SDVN 3080ipx-10G - Command Injection
CVE-2025-27233 MEDIUM
Zabbix 6.0.0-6.0.38, 7.0.0-7.0.9, 7.2.0-7.2.3 - Command Injection via smartctl Plugin Disk Parameter
CVE-2025-55319 HIGH
Agentic AI & VSCode - Command Injection
CVSS 8.8