CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2025-5442 MEDIUM
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 - OS Command Injection via RP_pingGatewayByBBS
CVSS 6.3
CVE-2025-5441 MEDIUM
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via DeviceURL Parameter
CVSS 6.3
CVE-2025-5440 MEDIUM
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via NTP Function
CVSS 6.3
CVE-2025-5439 MEDIUM
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via verifyFacebookLike uid/accessToken
CVSS 6.3
CVE-2025-5438 MEDIUM
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via WPS PIN Parameter
CVSS 6.3
CVE-2025-5113 HIGH
Diviotec Professional - Command Injection
CVE-2025-4010 HIGH
Netcom NTC 6200-NWL 222 - Command Injection
CVE-2025-48936 HIGH
Zitadel <2.70.12, <2.71.10, <3.2.2 - SSRF
CVSS 8.1
CVE-2025-48492 HIGH
GetSimple CMS <3.3.21 - Authenticated RCE
CVSS 8.8
CVE-2025-4009 CRITICAL
Evertz SDVN 3080ipx-10G - Command Injection
CVE-2025-5265 MEDIUM
Firefox < 115.24.0, 115.24-115.*, 128.11-128.*, >=139 - Command Injection via Copy as cURL Feature
CVSS 4.8
CVE-2025-5264 MEDIUM
Firefox < 115.24.0, 115.24-115.*, 128.11-128.*, >=139 - Command Injection via Copy as cURL Feature
CVSS 4.8
CVE-2025-5147 MEDIUM
Netcore NBR1005GPEV2-20250508 - Command Injection
CVSS 6.3
CVE-2025-5146 MEDIUM
Netcore NBR1005GPEV2-20250508 - Command Injection
CVSS 6.3
CVE-2025-5145 MEDIUM
Netcore Multiple Devices < 20250508 - OS Command Injection via Query String
CVSS 6.3
CVE-2025-5139 MEDIUM
Qualitor 8.20/8.24 - Command Injection via nmconexao Argument in Office 365 Connection Handler
CVSS 5.6
CVE-2025-5126 HIGH
FLIR AX8 Firmware 1.46.0-1.46.16 - Remote Command Injection via setDataTime Function
CVSS 8.8
CVE-2025-46176 MEDIUM
D-Link DIR-605L and DIR-816L Firmware - Remote Code Execution via Hardcoded Telnet Credentials
CVSS 6.5
CVE-2025-5106 HIGH
Fujian Kelixun 1.0 - Code Injection
CVSS 7.3
CVE-2025-32813 HIGH
Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request
CVSS 7.2
CVE-2025-5030 MEDIUM
Ackites KillWxapkg <2.4.1 - Code Injection
CVSS 5.0
CVE-2025-20258 MEDIUM
Cisco Duo - Unauthenticated Command Injection via Email Content
CVSS 5.4
CVE-2025-4008 HIGH KEV
Meteobridge VM and Firmware < 6.2 - Unauthenticated Remote Command Execution
CVSS 8.8
CVE-2025-5000 MEDIUM
Linksys FGW3000-AH/HK <1.0.17.000000 - Command Injection
CVSS 6.3
CVE-2025-4999 MEDIUM
Linksys FGW3000-AH and FGW3000-HK < 1.0.17.000000 - Command Injection via supplicant_rnd_id_en Parameter
CVSS 6.3