CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,966 vulnerabilities with CWE-78
CVE-2025-13942 CRITICAL
Zyxel EX3510-B0 <5.17(ABUP.15.1)C0 - Command Injection
CVSS 9.8
CVE-2025-70328 HIGH
TOTOLINK X6000R v9.4.0cu.1498_B20250826 - Command Injection
CVSS 8.8
CVE-2025-70329 HIGH
TOTOLink X5000R v9.1.0cu_2415_B20250515 - Command Injection
CVSS 8.0
CVE-2025-70831 CRITICAL
Smanga 3.2.7 - Unauthenticated Remote Code Execution via mediaId Parameter
CVSS 9.8
CVE-2025-15559 CRITICAL
NesterSoft WorkTime - Command Injection
CVSS 9.8
CVE-2025-65791 CRITICAL
ZoneMinder 1.36.34 - Command Injection
CVSS 9.8
CVE-2025-12122 MEDIUM
Popup Box WordPress Plugin <3.2.12 - XSS
CVSS 6.4
CVE-2025-70828 HIGH
Datart v1.0.0-rc.3 - Code Injection
CVSS 8.8
CVE-2025-65480 HIGH
Pacom Unison Client 5.13.1 - Authenticated Remote Code Execution via Report Template Script Injection
CVSS 8.8
CVE-2025-11142 HIGH
Axis OS VAPIX mediaclip.cgi - Authenticated Remote Code Execution
CVSS 7.1
CVE-2025-69212 HIGH
OpenSTAManager < 2.9.8 - Authenticated OS Command Injection via P7M Filename
CVSS 8.8
CVE-2025-64111 CRITICAL
Gogs < 0.13.4 - Remote Code Execution via .git Directory File Update
CVSS 9.8
CVE-2025-11730 HIGH
Zyxel ATP-USG FLEX-50(W)-USG20(W)-VPN <5.41 - Command Injection
CVSS 7.2
CVE-2025-52626 MEDIUM
HCL AION 2.0 - OS Command Injection
CVSS 4.5
CVE-2025-9974 HIGH
Nokia ONT - Authenticated OS Command Injection via WEBUI Input Handling
CVSS 8.0
CVE-2025-51958 CRITICAL
aelsantex runcommand 2014-04-01 - Unauthenticated OS Command Injection via postaction.php
CVSS 9.8
CVE-2025-33234 HIGH
NVIDIA runx - OS Command Injection
CVSS 7.8
CVE-2025-67264 HIGH
Doogee Note59, Note59 Pro, and Note59 Pro+ - OS Command Injection via EngineerMode ADB Shell
CVSS 7.8
CVE-2025-15063 CRITICAL
Ollama MCP Server - Command Injection
CVSS 9.8
CVE-2025-15061 CRITICAL
Framelink Figma MCP Server - Command Injection
CVSS 9.8
CVE-2025-56590 CRITICAL
Apryse HTML2PDF SDK thru 11.10 - OS Command Injection via InsertFromURL Function
CVSS 9.8
CVE-2025-33230 HIGH
NVIDIA Nsight Systems for Linux - Command Injection
CVSS 7.3
CVE-2025-33228 HIGH
NVIDIA Nsight Systems - Command Injection
CVSS 7.3
CVE-2025-62193 CRITICAL
NOAA Live Access Server - Unauthenticated Remote Code Execution via PyFerret SPAWN Command
CVSS 9.8
CVE-2025-33206 HIGH
NVIDIA NSIGHT Graphics - Command Injection
CVSS 7.8