CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,966 vulnerabilities with CWE-78
CVE-2025-67447
CRITICAL
Neterbit NW-431F Router 20241014-IR03 and before - OS Command Injection via Ping IP Address Field
CVSS 9.8
CVE-2025-41281
HIGH
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 7.8
CVE-2025-41279
HIGH
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 7.2
CVE-2025-41277
CRITICAL
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.8
CVE-2025-41276
CRITICAL
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.8
CVE-2025-41275
CRITICAL
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.8
CVE-2025-41274
CRITICAL
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.8
CVE-2025-41272
CRITICAL
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.8
CVE-2025-41270
CRITICAL
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.8
CVE-2025-41269
CRITICAL
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.8
CVE-2025-41267
HIGH
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 7.2
CVE-2025-41266
HIGH
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 7.2
CVE-2025-41265
HIGH
Waterfall WF-500 < 7.9.1.0 R2502171040 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 7.2
CVE-2025-53870
MEDIUM
Fortinet FortiAP - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 6.7
CVE-2025-53680
MEDIUM
Fortinet FortiAP - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 6.7
CVE-2025-40949
CRITICAL
Siemens Ruggedcom Rox MX5000 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.1
CVE-2025-40947
HIGH
Siemens Ruggedcom Rox MX5000 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 7.5
CVE-2025-67888
HIGH
Control Web Panel /admin/index.php Unauthenticated RCE
CVSS 7.3
CVE-2025-63705
HIGH
node-ts-ocr 1.0.15 - Command Injection
CVSS 8.8
CVE-2025-9661
HIGH
OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28
CVSS 8.1
CVE-2025-13605
CRITICAL
Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway
CVE-2025-71284
CRITICAL
Synway SMG Gateway Management Software OS Command Injection via radius_address
CVSS 9.8
CVE-2025-24817
HIGH
An OS Command Injection vulnerability in Nokia MantaRay NM
CVSS 8.0
CVE-2025-64340
MEDIUM
FastMCP <3.2.0 Gemini CLI Install - Command Injection
CVSS 6.7
CVE-2025-14213
HIGH
Cato's Socket WebUI is vulnerable to OS Command Injection
Details
Vulnerabilities: 5,966
Exploit Likelihood: High