CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2025-22472 HIGH
Dell SmartFabric OS10 10.5.4.0-10.5.4.13, 10.5.5.x, 10.5.6.x, 10.6.0.x - Authenticated Command Injection
CVSS 7.8
CVE-2025-2367 MEDIUM
Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 - Command Injection
CVSS 6.3
CVE-2025-26627 HIGH
Azure Arc < 1.0.10 - Authenticated Command Injection
CVSS 7.0
CVE-2025-24049 HIGH
Azure Command Line Interface < 2.69.0 - Unauthenticated Command Injection
CVSS 8.4
CVE-2025-1497 CRITICAL
PlotAI < 0.0.7 - Remote Code Execution via Unvalidated LLM Output
CVSS 9.8
CVE-2025-2096 MEDIUM
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 - OS Command Injection via setRebootScheCfg mode Parameter
CVSS 6.3
CVE-2025-2095 MEDIUM
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 - OS Command Injection via setDmzCfg ip Parameter
CVSS 6.3
CVE-2025-2094 MEDIUM
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 - OS Command Injection via apcliKey Parameter
CVSS 6.3
CVE-2025-26331 HIGH
Dell ThinOS < 2411 - Authenticated Command Injection
CVSS 7.8
CVE-2025-25632 CRITICAL
Tenda AC15 v15.03.05.19 - OS Command Injection via Telnet Handler
CVSS 9.8
CVE-2025-1947 MEDIUM
hzmanyun Education and Training System 2.1.3 - Command Injection
CVSS 6.3
CVE-2025-1946 MEDIUM
hzmanyun Education and Training System 2.1 - Command Injection
CVSS 6.3
CVE-2025-27423 HIGH
Vim 9.1.0858-9.1.1163 - Command Injection via tar.vim Plugin
CVSS 7.1
CVE-2025-1845 MEDIUM
ESAFENET DSM 3.1.2 - Command Injection
CVSS 6.3
CVE-2025-1829 MEDIUM
TOTOLINK X18 9.1.0cu.2024_B20220329 - Code Injection
CVSS 6.3
CVE-2025-1819 MEDIUM
Tenda AC7 1200M < 15.03.06.44 - Command Injection
CVSS 6.3
CVE-2025-1800 MEDIUM
D-Link DAR-7000 3.2 - Command Injection
CVSS 6.3
CVE-2025-23119 HIGH
UniFi Protect Cameras 4.74.106 - Authentication Bypass & RCE via Escape Sequence Neutralization
CVSS 7.5
CVE-2025-20117 MEDIUM
Cisco Application Policy Infrastructure Controller - Authenticated Command Injection via CLI Arguments
CVSS 5.1
CVE-2025-25813 MEDIUM
SeaCMS v13.3 - Remote Code Execution via admin_files.php
CVSS 5.1
CVE-2025-25802 MEDIUM
SeaCMS v13.3 - Remote Code Execution via admin_ip.php
CVSS 5.1
CVE-2025-25797 MEDIUM
SeaCMS v13.3 - Remote Code Execution via admin_smtp.php
CVSS 5.1
CVE-2025-25796 MEDIUM
SeaCMS v13.3 - Remote Code Execution via admin_template.php
CVSS 5.1
CVE-2025-25794 MEDIUM
SeaCMS v13.3 - Remote Code Execution via admin_ping.php
CVSS 5.1
CVE-2025-25793 MEDIUM
SeaCMS v13.3 - Remote Code Execution via admin_notify.php
CVSS 5.1