CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,964 vulnerabilities with CWE-78
CVE-2026-3037 HIGH
XWEB Pro <=1.12.1 - Command Injection
CVSS 8.0
CVE-2026-25721 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-25196 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-25105 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-25037 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-24452 HIGH
XWEB Pro <=1.12.1 - Command Injection
CVSS 8.0
CVE-2026-23702 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-20764 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-25195 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-25111 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-25109 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-24695 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-24689 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-24663 CRITICAL
XWEB Pro <1.12.1 - Command Injection
CVSS 9.0
CVE-2026-24517 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-21389 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-20910 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-20902 HIGH
XWEB Pro <=1.12.1 - Command Injection
CVSS 8.0
CVE-2026-20742 HIGH
XWEB Pro <1.12.1 - Command Injection
CVSS 8.0
CVE-2026-28279 HIGH
osctrl < 0.5.0 - Authenticated OS Command Injection via Hostname Parameter
CVSS 7.3
CVE-2026-28269 MEDIUM
Kiteworks <9.2.0 - Command Injection
CVSS 5.9
CVE-2026-28207 MEDIUM
Zen C < 0.4.2 - OS Command Injection via Output Filename Argument
CVSS 6.6
CVE-2026-27965 CRITICAL
Vitess <23.0.3/22.0.4 - Code Injection
CVSS 9.9
CVE-2026-27938 HIGH
WPGraphQL <2.9.1 - Command Injection
CVSS 7.7
CVE-2026-27635 HIGH
Manyfold <0.133.0 - Authenticated RCE
CVSS 7.5
Details
Vulnerabilities 5,964
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits