CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2025-6620 MEDIUM
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via setUpgradeUboot FileName Parameter
CVSS 6.3
CVE-2025-6619 MEDIUM
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via setUpgradeFW FileName Parameter
CVSS 6.3
CVE-2025-6618 MEDIUM
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via SetWLanApcliSettings PIN Parameter
CVSS 6.3
CVE-2025-52483 CRITICAL
julialang/registrator < 1.9.5 - Remote Code Execution via Shell Injection
CVSS 9.8
CVE-2025-6485 MEDIUM
TOTOLINK A3002R 1.1.1-B20200824.0128 - OS Command Injection via wlanif Parameter
CVSS 6.3
CVE-2025-6335 MEDIUM
dedecms < 5.7.2 - Remote Command Injection via Template Handler
CVSS 4.7
CVE-2025-6299 MEDIUM
TOTOLINK N150RT 3.4.0-B20190525 - Command Injection
CVSS 4.7
CVE-2025-23170 MEDIUM
Versa Director 21.2.2, 21.2.3, 22.1.1-22.1.4 - OS Command Injection via shell-connect.py User Argument
CVSS 6.7
CVE-2025-49823 NONE
Constructor <3.11.3 - Code Injection
CVE-2025-6104 HIGH
Wifi-soft UniBox Controller <20250506 - Code Injection
CVSS 8.8
CVE-2025-6103 HIGH
Wifi-soft UniBox Controller <20250506 - Code Injection
CVSS 8.8
CVE-2025-6102 HIGH
Wifi-soft UniBox Controller <20250506 - Code Injection
CVSS 8.8
CVE-2025-45988 CRITICAL
b-link Firmware - OS Command Injection via cmd Parameter in bs_SetCmd Function
CVSS 9.8
CVE-2025-45987 CRITICAL
b-link Firmware - OS Command Injection via DNS Parameters
CVSS 9.8
CVE-2025-45986 CRITICAL
b-link Multiple Models - OS Command Injection via mac Parameter
CVSS 9.8
CVE-2025-45985 CRITICAL
b-link Multiple Models - OS Command Injection via bs_SetSSIDHide Function
CVSS 9.8
CVE-2025-45984 CRITICAL
B-link Bl-wr9000 Firmware - Command Injection
CVSS 9.8
CVE-2025-22237 MEDIUM
SaltStack <version> - Command Injection
CVSS 6.7
CVE-2025-47959 HIGH
Visual Studio 2022 17.8.0-17.8.21 - Authenticated Remote Code Execution
CVSS 7.1
CVE-2025-4231 HIGH
Palo Alto Networks PAN-OS - Command Injection
CVSS 7.2
CVE-2025-4678 HIGH
Pandora ITSM <5.0.105 - Command Injection
CVE-2025-4653 HIGH
Pandora ITSM authenticated command injection leading to RCE via the backup function
CVE-2025-5952 HIGH
Zend.To <6.10-6 Beta - Code Injection
CVSS 7.3
CVE-2025-5836 MEDIUM
Tenda AC9 15.03.02.13 - Command Injection
CVSS 6.3
CVE-2025-22481 HIGH
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 8.8