CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,565 vulnerabilities with CWE-77
CVE-2025-10325 MEDIUM
Wavlink WL-WN578W2 221110 - OS Command Injection via login.cgi ipaddr Parameter
CVSS 6.3
CVE-2025-10324 HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via firewall.cgi Parameter Manipulation
CVSS 7.3
CVE-2025-10323 HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via sel_EncrypTyp Parameter
CVSS 7.3
CVE-2025-10364 CRITICAL
Evertz SDVN 3080ipx-10G - Command Injection
CVE-2025-27233 MEDIUM
Zabbix 6.0.0-6.0.38, 7.0.0-7.0.9, 7.2.0-7.2.3 - Command Injection via smartctl Plugin Disk Parameter
CVE-2025-55319 HIGH
Agentic AI & VSCode - Command Injection
CVSS 8.8
CVE-2025-56406 HIGH
mcp-neo4j 0.3.0 - Unauthenticated Exposure of Sensitive Information via SSE Service
CVSS 7.5
CVE-2025-59046 CRITICAL
interactive-git-checkout <= 1.1.4 - Command Injection via Branch Name
CVSS 9.8
CVE-2025-57633 CRITICAL
FTP-Flask-python <5173b68 - Command Injection
CVSS 9.8
CVE-2025-55227 HIGH
SQL Server 2016-2022 Authenticated Command Injection
CVSS 8.8
CVE-2025-10107 MEDIUM
TRENDnet TEW-831DR 1.0 - Command Injection
CVSS 4.7
CVE-2025-9161 HIGH
FactoryTalk Optix 1.5.0-1.5.9 - Remote Code Execution via MQTT Broker URI
CVSS 8.8
CVE-2025-10123 HIGH
D-Link DIR-823X < 250416 - Unauthenticated Command Injection via Hostname Parameter
CVSS 7.3
CVE-2025-57285 CRITICAL
codeceptjs 3.5.0-3.7.5 - OS Command Injection via emptyFolder Function
CVSS 9.8
CVE-2025-7388 HIGH
OpenEdge AdminServer - Authenticated RCE
CVSS 8.4
CVE-2025-9935 HIGH
TOTOLINK N600R 4.3.0cu.7866_B20220506 - Unauthenticated Command Injection via cstecgi.cgi
CVSS 7.3
CVE-2025-9934 MEDIUM
TOTOLINK X5000R 9.1.0cu.2415_B20250515 - OS Command Injection via pid Parameter
CVSS 6.3
CVE-2025-58358 HIGH
Markdownify <0.0.2 - Command Injection
CVSS 7.5
CVE-2025-55824 MEDIUM
ModStartCMS v9.5.0 - Code Injection
CVSS 6.5
CVE-2025-55372 MEDIUM
Beakon < 5.4.3 - Arbitrary File Upload and Remote Code Execution
CVSS 5.3
CVE-2025-50757 MEDIUM
Wavlink WN535K3 - Command Injection
CVSS 6.5
CVE-2025-50755 MEDIUM
Wavlink WN535K3 - Command Injection
CVSS 6.5
CVE-2025-58178 HIGH
SonarSource/sonarqube-scan-action 4.0.0-5.3.0 - Command Injection via Unsanitized Input Arguments
CVSS 7.8
CVE-2025-9769 MEDIUM
D-Link DI-7400G+ 19.12.25A1 - OS Command Injection via mng_platform.asp addr Parameter
CVSS 4.1
CVE-2025-9752 HIGH
D-Link DIR-852 1.00CN B09 - OS Command Injection via SOAP Service soapcgi_main Function
CVSS 7.3