CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,967 vulnerabilities with CWE-78
CVE-2025-23316
CRITICAL
NVIDIA Triton Inference Server < 25.08 - Remote Code Execution via Python Backend Model Name Parameter
CVSS 9.8
CVE-2025-10619
MEDIUM
sequa-mcp < 1.0.14 - OS Command Injection via OAuth Server Discovery
CVSS 6.3
CVE-2025-9972
CRITICAL
Industrial Cellular Gateway - Command Injection
CVSS 9.8
CVE-2025-59518
HIGH
LemonLDAP::NG <2.16.7 & 2.17-2.21.3 - Command Injection
CVSS 8.0
CVE-2025-58116
HIGH
WN-7D36QR - Authenticated Command Injection
CVSS 7.2
CVE-2025-10589
HIGH
N-Reporter,N-Cloud,N-Probe - Command Injection
CVSS 8.8
CVE-2025-37129
MEDIUM
EdgeConnect SD-WAN - Command Injection
CVSS 6.7
CVE-2025-37126
HIGH
HPE Aruba Networking EdgeConnect - RCE
CVSS 7.2
CVE-2025-34187
HIGH
Ilevia EVE X1/X5 Server <= 4.7.18.0.eden - OS Command Injection via Sudoers Misconfiguration
CVSS 8.8
CVE-2025-34186
CRITICAL
Ilevia EVE X1/X5 Server <= 4.7.18.0.eden - Unauthenticated OS Command Injection via Authentication Mechanism
CVSS 9.8
CVE-2025-34184
CRITICAL
Ilevia EVE X1 Server <= 4.7.18.0.eden - Unauthenticated OS Command Injection via 'passwd' Parameter
CVSS 9.8
CVE-2025-55211
HIGH
FreePBX <17.0.21 - Command Injection
CVSS 8.8
CVE-2025-59377
LOW
feisky mcp-kubernetes-server <= 0.1.11 - OS Command Injection via /mcp/kubectl Endpoint
CVSS 3.7
CVE-2025-59361
CRITICAL
chaos-mesh < 2.7.3 - Unauthenticated Remote Code Execution via cleanIptables Mutation
CVSS 9.8
CVE-2025-59360
CRITICAL
chaos-mesh < 2.7.3 - Unauthenticated Remote Code Execution via killProcesses Mutation
CVSS 9.8
CVE-2025-59359
CRITICAL
chaos-mesh < 2.7.3 - Unauthenticated Remote Code Execution via cleanTcs Mutation
CVSS 9.8
CVE-2025-10442
MEDIUM
Tenda AC9 and AC15 15.03.05.14 - OS Command Injection via formexeCommand
CVSS 6.3
CVE-2025-10441
MEDIUM
D-Link DI-8100G,DI-8200G,DI-8003G 17.12.20A1/19.12.10A1 - Command I...
CVSS 6.3
CVE-2025-10440
MEDIUM
D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003, DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1 - OS Command Injection
CVSS 6.3
CVE-2025-10359
HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via wireless.cgi macAddr Parameter
CVSS 7.3
CVE-2025-10358
HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via wireless.cgi DeleteMac Parameter
CVSS 7.3
CVE-2025-10328
MEDIUM
sourcefabric/rpi-jukebox-rfid < 2.8.0 - OS Command Injection via File Parameter in playsinglefile.php
CVSS 6.3
CVE-2025-10327
MEDIUM
sourcefabric rpi-jukebox-rfid < 2.8.0 - OS Command Injection via Playlist Parameter
CVSS 6.3
CVE-2025-10326
MEDIUM
sourcefabric rpi-jukebox-rfid < 2.8.0 - OS Command Injection via Playlist Parameter
CVSS 6.3
CVE-2025-27234
HIGH
Zabbix Agent 2 - Remote Code Execution