CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-56097 HIGH
Ruijie RG-EW1800GX PRO Firmware - OS Command Injection via module_set POST Request
CVSS 8.8
CVE-2025-56096 HIGH
Ruijie RG-BCR600W Firmware - OS Command Injection via restart_modules POST Request
CVSS 8.8
CVE-2025-56095 HIGH
Ruijie RG-EW1200G PRO Firmware V1.00/V2.00/V3.00/V4.00 - OS Command Injection via nbr_cwmp.lua module_set POST Request
CVSS 8.8
CVE-2025-56094 HIGH
Ruijie X30-PRO and RG-EW300-PRO Firmware - OS Command Injection via module_get POST Request
CVSS 8.8
CVE-2025-56093 HIGH
Ruijie X30-PRO Firmware - OS Command Injection via setWisp POST Request
CVSS 8.8
CVE-2025-56092 HIGH
Ruijie X30 PRO V1 - OS Command Injection via module_get POST Request
CVSS 8.8
CVE-2025-56091 HIGH
Ruijie RG-EW1800GX - Command Injection
CVSS 8.8
CVE-2025-56090 HIGH
Ruijie RG-EW1200G PRO - Command Injection
CVSS 8.8
CVE-2025-56089 HIGH
Ruijie M18 EW_3.0(1)B11P226 - Command Injection
CVSS 8.8
CVE-2025-56088 HIGH
Ruijie RG-BCR RG-BCR860 - Command Injection
CVSS 8.8
CVE-2025-56087 HIGH
Ruijie RG-BCR RG-BCR600W - Command Injection
CVSS 8.8
CVE-2025-56086 HIGH
Ruijie RG-EW1200 - Command Injection
CVSS 8.8
CVE-2025-56085 HIGH
Ruijie RG-EW1200 - Command Injection
CVSS 8.8
CVE-2025-56084 HIGH
Ruijie RG-EW1800GX PRO - Command Injection
CVSS 8.8
CVE-2025-56083 HIGH
Ruijie X30-PRO X30-PRO-V1_09241521 - OS Command Injection via POST Request to nbr_networkId_merge.lua
CVSS 8.8
CVE-2025-56082 HIGH
Ruijie RG-BCR RG-BCR600W - Command Injection
CVSS 8.8
CVE-2025-56079 HIGH
Ruijie RG-EW1300G - Command Injection
CVSS 8.8
CVE-2025-56077 HIGH
Ruijie RG-RAP2200(E) - Command Injection
CVSS 8.8
CVE-2025-67738 HIGH
Webmin < 2.600 - Authenticated OS Command Injection via Squid Cache Manager
CVSS 8.5
CVE-2025-65199 HIGH
Windscribe 2.10.1-2.17.10 - Local Command Injection via changeMTU adapterName Parameter
CVSS 7.8
CVE-2025-67640 MEDIUM
Jenkins Git client Plugin < 6.4.1 - OS Command Injection via Workspace Directory Name
CVSS 5.0
CVE-2025-66626 HIGH
Argo Workflows <3.7.4 - Code Injection
CVSS 8.1
CVE-2025-65882 CRITICAL
openmptcprouter <0.64 - Code Injection
CVSS 9.8
CVE-2025-64153 HIGH
FortiExtender Firmware 7.0.0-7.0.3, 7.2.0-7.2.x, 7.4.0-7.4.7, 7.6.0-7.6.3 - OS Command Injection
CVSS 7.2
CVE-2025-53949 HIGH
Fortinet FortiSandbox <5.0.2 - Command Injection
CVSS 7.2
Details
Vulnerabilities 5,967
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits