CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,565 vulnerabilities with CWE-77
CVE-2025-50515 MEDIUM
phome Empirebak 2010 - Remote Code Execution via Config File Upload
CVSS 6.5
CVE-2025-20306 MEDIUM
Cisco Secure Firewall Management Center - Command Injection
CVSS 4.9
CVE-2025-8956 MEDIUM
D-Link DIR-818L <= 1.05B01 - Remote Command Injection via ssdpcgi getenv
CVSS 6.3
CVE-2025-8937 MEDIUM
TOTOLINK N350R 1.2.3-B20130826 - OS Command Injection via formSysCmd
CVSS 6.3
CVE-2025-45317 MEDIUM
hortusfox-web 4.4 - Remote Code Execution via Zip Slip in ImportModule.php
CVSS 6.5
CVE-2025-53773 HIGH
GitHub Copilot & VS - Command Injection
CVSS 7.8
CVE-2025-8830 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via Hostname Parameter
CVSS 6.3
CVE-2025-8829 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via hname Parameter
CVSS 6.3
CVE-2025-8828 MEDIUM
Linksys RE6250, RE6300, RE6350, RE6500, RE7000, RE9000 - OS Command Injection via IPv6 Configuration Parameters
CVSS 6.3
CVE-2025-8827 MEDIUM
Linksys RE6250, RE6300, RE6350, RE6500, RE7000, RE9000 - OS Command Injection via staticGateway Parameter
CVSS 6.3
CVE-2025-8825 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via RP_setBasicAuto staticIp/staticNetmask
CVSS 6.3
CVE-2025-8823 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via setDeviceName DeviceName Parameter
CVSS 6.3
CVE-2025-8821 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via RP_setBasic bssid Parameter
CVSS 6.3
CVE-2025-8818 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via setDFSSetting lanNetmask/lanIp Parameter
CVSS 6.3
CVE-2025-8752 HIGH
wangzhixuan spring-shiro-training - OS Command Injection via /role/add Endpoint
CVSS 7.3
CVE-2025-53787 HIGH
Microsoft 365 Copilot BizChat - Info Disclosure
CVSS 8.2
CVE-2025-53774 MEDIUM
Microsoft 365 Copilot - Info Disclosure
CVSS 6.5
CVE-2025-8697 MEDIUM
agentUniverse <0.0.18 - Code Injection
CVSS 6.3
CVE-2025-54393 MEDIUM
Netwrix Directory Manager 11.0.0.0-11.1.25162.02 - Authenticated Static Code Injection
CVSS 5.4
CVE-2025-47188 MEDIUM
Mitel 6000 - OS Command Injection
CVSS 6.5
CVE-2025-7769 HIGH
Tigo Energy's CCA - Command Injection
CVE-2025-8667 MEDIUM
SkyworkAI DeepResearchAgent <08eb7f8eb9505d0094d75bb97ff7dacc3fa3bb...
CVSS 6.3
CVE-2025-8665 MEDIUM
agno-agi agno <1.7.5 - Command Injection
CVSS 6.3
CVE-2025-45512 MEDIUM
DENX U-Boot 1.1.3 - Arbitrary Code Execution via Unsigned Firmware Installation
CVSS 6.5
CVE-2025-50688 MEDIUM
TwistedWeb 14.0.0 - Command Injection
CVSS 6.5