CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,567 vulnerabilities with CWE-77
CVE-2025-25792
MEDIUM
SeaCMS v13.3 - Remote Code Execution via isopen Parameter
CVSS 4.4
CVE-2025-25791
MEDIUM
YZNCMS 2.0.1 - Arbitrary File Upload and Remote Code Execution via Plugin Installation
CVSS 4.4
CVE-2025-27146
LOW
matrix-appservice-irc <3.0.3 - Command Injection
CVSS 2.7
CVE-2025-1676
MEDIUM
hzmanyun Education and Training System 3.1.1 - OS Command Injection via pdf2swf File Parameter
CVSS 6.3
CVE-2025-1616
MEDIUM
FiberHome AN5506-01A ONU GPON RP2511 - OS Command Injection via Diagnosis Destination Address
CVSS 4.7
CVE-2025-1610
MEDIUM
LB-LINK AC1900 Router 1.0.2 - OS Command Injection via set_blacklist mac/enable Parameter
CVSS 6.3
CVE-2025-1609
MEDIUM
LB-LINK AC1900 Router 1.0.2 - OS Command Injection via websGetVar Function
CVSS 6.3
CVE-2025-1608
MEDIUM
LB-LINK AC1900 Router 1.0.2 - OS Command Injection via routepwd Parameter
CVSS 6.3
CVE-2025-25768
MEDIUM
MRCMS v3.1.2 - Server-Side Template Injection in DispatcherServlet
CVSS 5.4
CVE-2025-25605
MEDIUM
Totolink X5000R V9.1.0u.6369_B20230113 - OS Command Injection via apcli_wps_gen_pincode Function
CVSS 6.5
CVE-2025-25604
MEDIUM
Totolink X5000R V9.1.0u.6369_B20230113 - OS Command Injection via vif_disable Function
CVSS 6.5
CVE-2025-25766
MEDIUM
MRCMS 3.1.2 - Arbitrary File Upload and Remote Code Execution via /file/savefile.do
CVSS 4.8
CVE-2025-1546
HIGH
BDCOM Behavior Management and Auditing System <20250210 - Code Inje...
CVSS 7.3
CVE-2025-1536
HIGH
Raisecom Multi-Service Intelligent Gateway <20250208 - Code Injection
CVSS 7.3
CVE-2025-25675
CRITICAL
Tenda AC10 V1.0 V15.03.06.23 - OS Command Injection via formexeCommand
CVSS 9.8
CVE-2025-1448
HIGH
Synway SMG Gateway Management Software <20250204 - Command Injection
CVSS 7.3
CVE-2025-1370
MEDIUM
MicroWorld eScan Antivirus 7.0.32 - OS Command Injection via Autoscan USB epsdaemon sprintf
CVSS 5.3
CVE-2025-1369
MEDIUM
eScan Antivirus 7.0.32 - OS Command Injection in USB Password Handler
CVSS 4.5
CVE-2025-1339
MEDIUM
TOTOLINK X18 9.1.0cu.2024_B20220329 - OS Command Injection via setL2tpdConfig enable Parameter
CVSS 6.3
CVE-2025-1338
HIGH
NUUO Camera <20250203 - Command Injection
CVSS 7.3
CVE-2025-0593
HIGH
Device <unknown> - Command Injection
CVSS 8.8
CVE-2025-22630
CRITICAL
MarketingFire Widget Options <4.1.0 - Command Injection
CVSS 9.9
CVE-2025-22962
HIGH
GatesAir Maxiva UAXT and VAXT - Authenticated Remote Code Execution via /json Endpoint
CVSS 7.2
CVE-2025-24861
HIGH
Product <Version - Command Injection
CVSS 7.5
CVE-2025-1229
MEDIUM
olajowon Loggrove - OS Command Injection via Path Argument
CVSS 6.3
Details
Vulnerabilities: 3,567
Exploit Likelihood: High