CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,565 vulnerabilities with CWE-77
CVE-2025-7788 MEDIUM
Xuxueli xxl-job <3.1.1 - Code Injection
CVSS 6.3
CVE-2025-52046 CRITICAL
Totolink A3300R V17.0.0cu.596_B20250515 - Unauthenticated Command Injection via mac and desc Parameters
CVSS 9.8
CVE-2025-52690 HIGH
Alcatel-Lucent OmniAccess Stellar AP AWOS <= 5.0.2 - Root Command Execution
CVSS 8.1
CVE-2025-52688 CRITICAL
Access Point <unknown> - Command Injection
CVSS 9.8
CVE-2025-52687 LOW
Alcatel-Lucent OmniAccess Stellar <= 5.0.2 GA - Authenticated JavaScript Injection and Denial of Service
CVSS 2.4
CVE-2025-49836 CRITICAL
gpt-sovits-webui < 20250228v3 - OS Command Injection via change_label Function
CVSS 9.8
CVE-2025-49835 CRITICAL
gpt-sovits-webui < 20250228v3 - OS Command Injection via open_asr Function
CVSS 9.8
CVE-2025-49834 CRITICAL
gpt-sovits-webui < 20250228v3 - OS Command Injection via denoise_inp_dir and denoise_opt_dir Parameters
CVSS 9.8
CVE-2025-49833 CRITICAL
gpt-sovits-webui < 20250228v3 - OS Command Injection via open_slice Function
CVSS 9.8
CVE-2025-52377 MEDIUM
Nexxt Solutions NCM-X1800 Mesh Router <UV1.2.7 - Command Injection
CVSS 5.4
CVE-2025-3621 CRITICAL
ActADUR <2.0.2.0 - Command Injection
CVSS 9.6
CVE-2025-51650 MEDIUM
FoxCMS < 1.2.6 - Remote Code Execution via Template File Upload
CVSS 5.6
CVE-2025-7615 MEDIUM
TOTOLINK T6 4.1.5cu.748 - Command Injection
CVSS 6.3
CVE-2025-7614 MEDIUM
TOTOLINK T6 4.1.5cu.748 - Command Injection
CVSS 6.3
CVE-2025-7613 MEDIUM
TOTOLINK T6 4.1.5cu.748 - Command Injection
CVSS 6.3
CVE-2025-50756 CRITICAL
Wavlink WN535K3 - Command Injection
CVSS 9.8
CVE-2025-7578 MEDIUM
Teledyne FLIR FB-Series O/FH-Series ID 1.3.2.16 - Command Injection
CVSS 5.0
CVE-2025-7553 MEDIUM
D-Link DIR-818LW <20191215 - Code Injection
CVSS 4.7
CVE-2025-7525 MEDIUM
TOTOLINK T6 4.1.5cu.748_B20211015 - Command Injection
CVSS 6.3
CVE-2025-7524 MEDIUM
TOTOLINK T6 4.1.5cu.748_B20211015 - Command Injection
CVSS 6.3
CVE-2025-7415 MEDIUM
Tenda O3V2 1.0.0.12(3880 - Command Injection
CVSS 6.3
CVE-2025-7414 MEDIUM
Tenda O3V2 1.0.0.12(3880 - Code Injection
CVSS 6.3
CVE-2025-7407 MEDIUM
Netgear D6400 1.0.0.114 - Code Injection
CVSS 6.3
CVE-2025-7192 MEDIUM
D-Link DIR-645 Firmware < 1.05b01 - Remote Command Injection via ssdpcgi_main
CVSS 6.3
CVE-2025-53355 HIGH
MCP Server Kubernetes <2.5.0 - Command Injection
CVSS 7.5