CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,964 vulnerabilities with CWE-78
CVE-2026-21418 HIGH
Dell Unity <5.5.2 - Command Injection
CVSS 7.8
CVE-2026-1665 MEDIUM
nvm < 0.40.3 - OS Command Injection via NVM_AUTH_HEADER Environment Variable
CVE-2026-25063 HIGH
Gradle-completion <9.3.0 - Command Injection
CVSS 7.8
CVE-2026-24905 HIGH
inspektor-gadget < 0.48.1 and < 0.51.1 - Command Injection via Unsafe Makefile Parameter Embedding
CVSS 7.8
CVE-2026-1544 MEDIUM
D-Link DIR-823X 250416 - OS Command Injection via lan_gateway Parameter
CVSS 6.3
CVE-2026-1506 HIGH
D-Link DIR-615 4.10 - OS Command Injection via MAC Filter Configuration
CVSS 7.2
CVE-2026-1505 HIGH
D-Link DIR-615 4.10 - OS Command Injection via URL Filter Component
CVSS 7.2
CVE-2026-24841 CRITICAL
dokploy < 0.26.6 - Authenticated OS Command Injection via WebSocket Endpoint Parameters
CVSS 9.9
CVE-2026-23592 HIGH
HPE Aruba Networking Fabric Composer - RCE
CVSS 7.2
CVE-2026-1448 HIGH
D-Link DIR-615 Firmware < 4.10 - OS Command Injection via ipaddr Parameter
CVSS 7.2
CVE-2026-1428 HIGH
Single Sign-On Portal System - Command Injection
CVSS 8.8
CVE-2026-1427 HIGH
Single Sign-On Portal System - Command Injection
CVSS 8.8
CVE-2026-0796 HIGH
ALGO 8180 IP Audio Alerter Firmware - Authenticated Remote Code Execution via Web UI Command Injection
CVSS 8.8
CVE-2026-0795 HIGH
ALGO 8180 IP Audio Alerter - Command Injection
CVSS 8.8
CVE-2026-0787 CRITICAL
ALGO 8180 IP Audio Alerter - Command Injection
CVSS 9.8
CVE-2026-0786 HIGH
ALGO 8180 IP Audio Alerter - Command Injection
CVSS 8.8
CVE-2026-0785 HIGH
ALGO 8180 IP Audio Alerter - Command Injection
CVSS 8.8
CVE-2026-0784 HIGH
ALGO 8180 IP Audio Alerter Firmware - Authenticated Remote Code Execution via Web UI Command Injection
CVSS 8.8
CVE-2026-0783 HIGH
ALGO 8180 IP Audio Alerter Firmware - Authenticated Remote Code Execution via Web UI Command Injection
CVSS 8.8
CVE-2026-0782 HIGH
ALGO 8180 IP Audio Alerter Firmware - Authenticated Remote Code Execution via Web UI Command Injection
CVSS 8.8
CVE-2026-0781 HIGH
ALGO 8180 IP Audio Alerter Firmware - Authenticated Remote Code Execution via Web UI Command Injection
CVSS 8.8
CVE-2026-0780 HIGH
ALGO 8180 IP Audio Alerter Firmware - Authenticated Remote Code Execution via Web UI Command Injection
CVSS 8.8
CVE-2026-0779 HIGH
ALGO 8180 IP Audio Alerter - Command Injection
CVSS 8.8
CVE-2026-0765 HIGH
Open WebUI - Authenticated Remote Code Execution via install_frontmatter_requirements Function
CVSS 8.8
CVE-2026-0759 CRITICAL
Katana Network Development Starter Kit - Command Injection
CVSS 9.8
Details
Vulnerabilities 5,964
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits