CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,565 vulnerabilities with CWE-77
CVE-2025-29519 MEDIUM
D-Link DSL-7740C Firmware DSL7740C.V6.TR069.20211230 - OS Command Injection via EXE Parameter
CVSS 5.3
CVE-2025-29517 MEDIUM
D-Link DSL-7740C Firmware DSL7740C.V6.TR069.20211230 - OS Command Injection via traceroute6 Function
CVSS 6.8
CVE-2025-29516 HIGH
D-Link DSL-7740C Firmware DSL7740C.V6.TR069.20211230 - OS Command Injection via Backup Function
CVSS 7.2
CVE-2025-9387 MEDIUM
DCN DCME-720 9.1.5.11 - Code Injection
CVSS 6.3
CVE-2025-57105 CRITICAL
D-Link DI-7400G+ Firmware - OS Command Injection via ac_mng_srv_host Parameter
CVSS 9.8
CVE-2025-55637 CRITICAL
Reolink Smart 2k+ Plug-in Wi-fi Video Doorbell With Chime Firmware - Command Injection
CVSS 9.8
CVE-2025-41451 HIGH
Danfoss AK-SM8xxA <4.3.1 - Command Injection
CVE-2025-48978 HIGH
EdgeMAX EdgeSwitch <1.11.1 - Command Injection
CVSS 7.5
CVE-2025-24285 CRITICAL
UniFi Connect EV Station Lite <1.5.2 - Command Injection
CVSS 9.8
CVE-2025-9262 MEDIUM
wong2 mcp-cli 1.13.0 - Command Injection
CVSS 5.6
CVE-2025-9244 MEDIUM
Linksys RE6250-RE9000 1.0.013.001/1.2.07.001 - Command Injection
CVSS 6.3
CVE-2025-57733 MEDIUM
JetBrains TeamCity < 2025.07.1 - SMTP Injection via Email Content Modification
CVSS 5.5
CVE-2025-9176 MEDIUM
neurobin shc <4.0.3 - Command Injection
CVSS 5.3
CVE-2025-9174 MEDIUM
neurobin shc <4.0.3 - Command Injection
CVSS 5.3
CVE-2025-52337 MEDIUM
LogicData eCommerce Framework <5.0.9.7000 - Authenticated RCE
CVSS 6.5
CVE-2025-50891 HIGH
Adform Site Tracking <2025-08-28 - RCE
CVSS 7.2
CVE-2025-9149 MEDIUM
Wavlink WL-NU516U1 M16U1_V240425 - Command Injection
CVSS 6.3
CVE-2025-55294 CRITICAL
screenshot-desktop <1.15.2 - Command Injection
CVSS 9.8
CVE-2025-50461 MEDIUM
Volcengine verl 3.0.0 - Code Injection
CVSS 6.5
CVE-2025-55591 CRITICAL
TOTOLINK-A3002R v4.0.0-B20230531.1404 - Command Injection
CVSS 9.8
CVE-2025-55590 MEDIUM
TOTOLINK A3002R v4.0.0-B20230531.1404 - Command Injection
CVSS 6.5
CVE-2025-55283 CRITICAL
aiven-db-migrate <1.0.7 - Privilege Escalation
CVSS 9.1
CVE-2025-9090 MEDIUM
Tenda AC20 16.03.08.12 - Command Injection
CVSS 6.3
CVE-2025-9026 HIGH
D-Link DIR-860L 2.04.B04 - OS Command Injection via SSDP ssdpcgi_main
CVSS 7.3
CVE-2025-50817 MEDIUM
Python-Future 1.0.0 - Code Injection
CVSS 5.4