CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-64328 HIGH KEV
FreePBX 17.0.2.36-17.0.3 - Authenticated OS Command Injection via SSH Connection Test
CVSS 7.2
CVE-2025-11546 CRITICAL
CLUSTERPRO X and EXPRESSCLUSTER X for Linux 4.0-5.2 - Unauthenticated OS Command Injection
CVE-2025-12489 HIGH
evernote-mcp-server - Command Injection, Privilege Escalation
CVSS 7.8
CVE-2025-34239 HIGH
Advantech WebAccess/VPN < 1.1.5 - Authenticated OS Command Injection via AppManagementController.appUpgradeAction()
CVSS 7.2
CVE-2025-63334 CRITICAL
PocketVJ-CP 3.9.1 submit_opacity.php - Root Command Injection
CVSS 9.8
CVE-2025-45379 HIGH
Dell CloudLink < 8.2 - Authenticated OS Command Injection via Console
CVSS 8.4
CVE-2025-45378 CRITICAL
Dell CloudLink 8.0-8.1.2 - Authenticated Privilege Escalation via Restricted Shell Bypass
CVSS 9.1
CVE-2025-30479 HIGH
Dell CloudLink < 8.2 - Command Injection
CVSS 8.4
CVE-2025-61304 CRITICAL
Dynatrace ActiveGate < 1.016 - Command Injection
CVSS 9.8
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVSS 8.0
CVE-2025-64109 HIGH
Cursor CLI Beta < 2025.09.17-25b418f - MCP Project-Open Code Execution
CVSS 8.8
CVE-2025-64106 HIGH
Cursor < 2.0 - OS Command Injection via Malicious Deep-Link
CVSS 8.8
CVE-2025-11953 CRITICAL KEV
react-native-community/cli < 20.0.0 - Unauthenticated OS Command Injection via Metro Development Server
CVSS 9.8
CVE-2025-54763 HIGH
FutureNet MA/IP-K - Command Injection
CVSS 7.2
CVE-2025-34286 HIGH
Nagios XI < 2026R1 - Authenticated Remote Code Execution via Core Config Manager Run Check Command
CVSS 7.2
CVE-2025-34284 HIGH
Nagios XI < 2024R2 - Authenticated OS Command Injection via WinRM Plugin
CVSS 8.8
CVE-2025-34280 HIGH
Nagios Network Analyzer < 2024R2.0.1 - Authenticated Remote Code Execution via LDAP Certificate Removal
CVSS 7.2
CVE-2025-34134 HIGH
Nagios XI < 2024R1.4.2 - Authenticated Remote Code Execution via BPI Configuration Parameters
CVSS 7.2
CVE-2025-46423 HIGH
Dell Unity Operating Environment < 5.5.2.0 - Authenticated OS Command Injection
CVSS 7.8
CVE-2025-46422 HIGH
Dell Unity Operating Environment < 5.5.2.0 - Authenticated OS Command Injection
CVSS 7.8
CVE-2025-43942 HIGH
Dell Unity Operating Environment < 5.5.2.0 - Authenticated OS Command Injection
CVSS 7.8
CVE-2025-43941 HIGH
Dell Unity Operating Environment < 5.5.2.0 - Authenticated OS Command Injection
CVSS 7.2
CVE-2025-43940 HIGH
Dell Unity Operating Environment < 5.5.2.0 - Authenticated OS Command Injection
CVSS 7.8
CVE-2025-43939 HIGH
Dell Unity Operating Environment < 5.5.2.0 - OS Command Injection
CVSS 7.8
CVE-2025-54941 MEDIUM
Apache Airflow 3.0.0-3.0.5 - OS Command Injection via Example DAG Decorator
CVSS 4.6