CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,967 vulnerabilities with CWE-78
CVE-2025-5946
HIGH
Centreon authenticated command injection leading to RCE via broker engine
CVSS 7.2
CVE-2025-10985
HIGH
Ivanti EPMM <12.6.0.2-12.4.0.4 - Command Injection
CVSS 7.2
CVE-2025-10243
HIGH
Ivanti Endpoint Manager Mobile < 12.4.0.4 - Authenticated Remote Code Execution via Admin Panel
CVSS 7.2
CVE-2025-10242
HIGH
Ivanti Endpoint Manager Mobile < 12.4.0.4 - Authenticated Remote Code Execution via Admin Panel
CVSS 7.2
CVE-2025-47856
HIGH
FortiVoice 7.2.0, 7.0.0-7.0.6, <6.4.10 - Authenticated OS Command Injection via HTTP/HTTPS or CLI Requests
CVSS 7.2
CVE-2025-9976
CRITICAL
Station Launcher App <R2025x - Command Injection
CVSS 9.0
CVE-2025-11665
MEDIUM
D-Link DAP-2695 2.00RC131 - OS Command Injection in Firmware Update Handler
CVSS 4.7
CVE-2025-0636
HIGH
Ericsson Site Controller 6610 < S24.Q2 and RAN Compute < 24.Q1.C5 - OS Command Injection
CVSS 8.4
CVE-2025-60006
MEDIUM
Juniper Junos OS Evolved 24.2-24.2R2-S2, 24.4-24.4R2 - OS Command Injection via CLI
CVSS 5.3
CVE-2025-10239
HIGH
Flowmon <12.5.5 - Privilege Escalation
CVSS 7.2
CVE-2025-57457
HIGH
Curo UC300 <5.42.1.7.1.63R1 - Command Injection
CVSS 8.8
CVE-2025-11491
MEDIUM
wonderwhy-er DesktopCommanderMCP <= 0.2.13 - OS Command Injection in CommandManager
CVSS 6.3
CVE-2025-11490
MEDIUM
wonderwhy-er DesktopCommanderMCP <= 0.2.13 - OS Command Injection in Absolute Path Handler
CVSS 6.3
CVE-2025-36569
MEDIUM
Dell PowerProtect Data Domain OS Command Injection (7.7.1.0-8.1.0.10, 7.13.1.0-7.13.1.25, 7.10.1.0-7.10.1.50)
CVSS 6.7
CVE-2025-36567
MEDIUM
Dell PowerProtect Data Domain 7.7.1.0-8.1.0.10, 7.13.1.0-7.13.1.25, 7.10.1.0-7.10.1.50 - OS Command Injection
CVSS 6.7
CVE-2025-36566
MEDIUM
Dell PowerProtect Data Domain OS Command Injection (7.7.1.0-8.1.0.10, 7.13.1.0-7.13.1.25, 7.10.1.0-7.10.1.50)
CVSS 6.7
CVE-2025-11407
MEDIUM
D-Link DI-7001 MINI 24.04.18B1 - Code Injection
CVSS 6.3
CVE-2025-43908
MEDIUM
Dell PowerProtect Data Domain OS Authenticated OS Command Injection
CVSS 6.4
CVE-2025-43911
MEDIUM
Dell PowerProtect Data Domain OS Command Injection (7.7.1.0-8.3.0.15, 8.3.1.0, 7.13.1.0-7.13.1.30, 7.10.1.0-7.10.1.60)
CVSS 6.7
CVE-2025-43906
MEDIUM
Dell PowerProtect Data Domain OS Command Injection (Auth Required)
CVSS 6.7
CVE-2025-43890
MEDIUM
Dell PowerProtect Data Domain OS Command Injection (Authenticated)
CVSS 6.7
CVE-2025-54406
HIGH
Planet WGR-500 v1.3411b190912 - OS Command Injection via formPingCmd counts Parameter
CVSS 8.8
CVE-2025-54405
HIGH
Planet WGR-500 v1.3411b190912 - OS Command Injection via formPingCmd ipaddr Parameter
CVSS 8.8
CVE-2025-54404
HIGH
Planet WGR-500 v1.3411b190912 - OS Command Injection via new_device_name Parameter
CVSS 8.8
CVE-2025-54403
HIGH
Planet WGR-500 v1.3411b190912 - OS Command Injection via new_password Parameter
CVSS 8.8
Details
Vulnerabilities: 5,967
Exploit Likelihood: High