CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,966 vulnerabilities with CWE-78
CVE-2025-37172 HIGH
Mobility Conductors - Command Injection
CVSS 7.2
CVE-2025-37171 HIGH
Mobility Conductor - AOS-8 - Command Injection
CVSS 7.2
CVE-2025-37170 HIGH
Mobility Conductor - AOS-8 - Command Injection
CVSS 7.2
CVE-2025-64155 CRITICAL
FortiSIEM 6.7.0-6.7.10, 7.0.0-7.0.4, 7.1.0-7.1.8, 7.3.0-7.3.4, 7.4.0 - OS Command Injection via TCP Requests
CVSS 9.8
CVE-2025-13447 HIGH
Progress LoadMaster < 7.2.54.16 and < 7.2.62.2 - Authenticated Remote Code Execution via API Input Parameter
CVSS 8.4
CVE-2025-13444 HIGH
Progress LoadMaster < 7.2.62.2 - Authenticated OS Command Injection via API Input Parameters
CVSS 8.4
CVE-2025-69269 CRITICAL
Broadcom DX NetOps Spectrum < 23.3.7 - OS Command Injection
CVSS 9.8
CVE-2025-15502 HIGH
Sangfor OMS <= 3.0.8 - OS Command Injection via Hostname Parameter
CVSS 7.3
CVE-2025-15501 CRITICAL
Sangfor OMS <= 3.0.8 - OS Command Injection via WriterHandle.getCmd
CVSS 9.8
CVE-2025-15500 CRITICAL
Sangfor Operation and Maintenance Management System <= 3.0.8 - OS Command Injection via sessionPath Parameter
CVSS 9.8
CVE-2025-15499 HIGH
Sangfor O&M Management System <=3.0.8 - OS Command Injection via uploadCN Filename
CVSS 8.8
CVE-2025-46645 MEDIUM
Dell PowerProtect Data Domain - OS Command Injection
CVSS 6.5
CVE-2025-46644 MEDIUM
Dell PowerProtect Data Domain - OS Command Injection
CVSS 6.0
CVE-2025-66052 HIGH
Vivotek IP7137 Firmware 0200a - Authenticated OS Command Injection via system_ntpIt Parameter
CVSS 7.2
CVE-2025-64091 HIGH
TCIS-3 Firmware < 9.2.3.3 - Authenticated OS Command Injection via NTP Configuration
CVSS 8.6
CVE-2025-69262 HIGH
pnpm 6.25.0-10.26.2 - Remote Code Execution via .npmrc Environment Variable Substitution
CVSS 7.5
CVE-2025-6225 MEDIUM
Kieback&Peter Neutrino-GLT - Command Injection
CVE-2025-15472 HIGH
TRENDnet TEW-811DRU 1.0.2.0 - OS Command Injection via DeviceURL Parameter
CVSS 7.2
CVE-2025-15471 CRITICAL
TRENDnet TEW-713RE 1.02 - Command Injection
CVSS 9.8
CVE-2025-59157 CRITICAL
Coolify < 4.0.0-beta.420.7 - Authenticated OS Command Injection via Git Repository Field
CVSS 9.9
CVE-2025-59156 HIGH
Coolify < 4.0.0-beta.420.7 - Remote Code Execution via Docker Compose Directive Injection
CVSS 8.8
CVE-2025-5965 HIGH
Centreon Web 24.04.0-24.04.18 - Authenticated OS Command Injection in Backup Configuration
CVSS 7.2
CVE-2025-64124 HIGH
Nuvation Energy MSC <2.5.1 - Command Injection
CVSS 8.8
CVE-2025-64120 HIGH
Nuvation Energy MSC <2.5.1 - Command Injection
CVSS 8.8
CVE-2025-66398 CRITICAL
Signal K Server < 2.19.0 - Unauthenticated Remote Code Execution via Backup Validation Endpoint
CVSS 9.6