CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2025-44084 CRITICAL
D-Link DI-8100 16.07.26A1 - OS Command Injection via Crafted HTTP Requests
CVSS 9.8
CVE-2025-43714 MEDIUM
ChatGPT < 2025-03-30 - HTML Injection via SVG Rendering
CVSS 6.5
CVE-2025-4851 MEDIUM
TOTOLINK N300RH 6.1c.1390_B20191101 - OS Command Injection via FileName Parameter in setUploadUserData
CVSS 6.3
CVE-2025-4850 MEDIUM
TOTOLINK N300RH 6.1c.1390_B20191101 - OS Command Injection via plugin_name Parameter
CVSS 6.3
CVE-2025-4849 MEDIUM
TOTOLINK N300RH 6.1c.1390_B20191101 - OS Command Injection via CloudACMunualUpdateUserdata URL Parameter
CVSS 6.3
CVE-2025-4747 MEDIUM
Bohua NetDragon Firewall 1.0 - Command Injection
CVSS 6.3
CVE-2025-4729 MEDIUM
TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615 - OS Command Injection via macstr Parameter
CVSS 6.3
CVE-2025-32702 HIGH
Visual Studio 16.0-16.11.46 and 17.8.0-17.8.20 - Unauthenticated Command Injection
CVSS 7.8
CVE-2025-44176 MEDIUM
Tenda FH451 V1.0.0.9 - Remote Code Execution via formSafeEmailFilter
CVSS 6.5
CVE-2025-29509 HIGH
Jan <0.5.14 - Remote Code Execution
CVSS 8.8
CVE-2025-4454 MEDIUM
D-Link DIR-619L 2.04B04 - OS Command Injection via Wake-on-LAN MAC Parameter
CVSS 6.3
CVE-2025-4453 MEDIUM
D-Link DIR-619L 2.04B04 - OS Command Injection via formSysCmd sysCmd Argument
CVSS 6.3
CVE-2025-4445 MEDIUM
D-Link DIR-605L 2.13B01 - OS Command Injection via Wake-on-LAN MAC Parameter
CVSS 6.3
CVE-2025-4443 MEDIUM
D-Link DIR-605L 2.13B01 - OS Command Injection via sysCmd Argument
CVSS 6.3
CVE-2025-45798 CRITICAL
TOTOLINK A950RG V4.1.2cu.5204_B20210112 - OS Command Injection via setNoticeCfg IpTo Parameter
CVSS 9.8
CVE-2025-44023 MEDIUM
D-Link DNS-320 <1.00, DNS-320LW <1.01.0914.20212 - RCE
CVSS 6.5
CVE-2025-31644 HIGH
BIG-IP TMOS Shell - Command Injection
CVSS 8.7
CVE-2025-29154 MEDIUM
Lemeconsultoria HCM galera.app <4.58.0 - Code Injection
CVSS 6.5
CVE-2025-46816 CRITICAL
goshs 0.3.4-1.0.4 - Unauthenticated Remote Code Execution via WebSocket Command Injection
CVSS 9.4
CVE-2025-46735 LOW
Terraform WinDNS Provider <1.0.5 - Command Injection
CVE-2025-26262 MEDIUM
R-fx Networks Linux Malware Detect <1.6.5 - Privilege Escalation
CVSS 6.5
CVE-2025-22476 MEDIUM
Dell Storage Manager 20.1.20 - Remote Code Execution via Command Injection
CVSS 5.5
CVE-2025-45492 CRITICAL
Netgear EX8000 V1.0.0.126 - OS Command Injection via Iface Parameter in action_wireless
CVSS 9.8
CVE-2025-45491 CRITICAL
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS Username Parameter
CVSS 9.8
CVE-2025-45490 CRITICAL
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS Password Parameter
CVSS 9.8