CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-10265 HIGH
Digiever NVR < *.*.*.78 - Authenticated OS Command Injection
CVSS 8.8
CVE-2025-54123 CRITICAL
Hoverfly < 1.12.0 - Remote Code Execution via Middleware API Endpoint
CVSS 9.8
CVE-2025-43885 HIGH
Dell PowerProtect Data Manager 19.19-19.20 - OS Command Injection
CVSS 7.8
CVE-2025-43884 HIGH
Dell PowerProtect Data Manager 19.19-19.20 - OS Command Injection
CVSS 8.2
CVE-2025-56413 HIGH
1panel 2.0.8 - OS Command Injection via SSH Operate Endpoint
CVSS 8.8
CVE-2025-9997 MEDIUM
Schneider Electric Saitel DR RTU < 11.06.29 and Saitel DP RTU < 11.06.33 - OS Command Injection via BLMon in SSH Session
CVE-2025-9996 MEDIUM
Schneider Electric Saitel DR RTU < 11.06.29 & DP RTU < 11.06.33 - OS Command Injection
CVE-2025-58763 HIGH
Tautulli <2.15.3 - Command Injection
CVSS 8.0
CVE-2025-54084 HIGH
Calix GigaCenter ONT - Command Injection
CVE-2025-23344 HIGH
NVIDIA NVDebug < 1.7.0 - Remote Code Execution
CVSS 7.3
CVE-2025-58180 HIGH
OctoPrint <= 1.11.2 - Authenticated OS Command Injection via Crafted Filename in Event Handler
CVSS 8.8
CVE-2025-55048 CRITICAL
Baicells NEUTRINO and NOVA products - Command Injection
CVSS 9.8
CVE-2025-54994 CRITICAL
@akoskm/create-mcp-server-stdio < 0.0.13 - OS Command Injection via 'which-app-on-port' Tool
CVE-2025-58374 HIGH
Roo Code <3.25.23 - Command Injection
CVSS 7.8
CVE-2025-58371 CRITICAL
roo_code < 3.26.7 - Remote Code Execution via GitHub Workflow Pull Request Metadata
CVSS 9.8
CVE-2025-58370 HIGH
Roo Code <3.26.0 - Command Injection
CVSS 8.1
CVE-2025-55037 CRITICAL
TkEasyGUI <1.0.22 - Command Injection
CVSS 9.8
CVE-2025-56803 HIGH
Figma Desktop 125.6.5 - OS Command Injection via Plugin Manifest Build Field
CVSS 8.4
CVE-2025-56498 MEDIUM
Prolink PGN6401V Firmware < 8.1.2 - Authenticated OS Command Injection via pingAddr Parameter
CVSS 5.3
CVE-2025-8613 HIGH
Vacron Camera - Authenticated Remote Code Execution via webs.cgi Ping Command Injection
CVSS 7.2
CVE-2025-9573 HIGH
TYPO3 ns_backup <13.0.2 - Command Injection
CVE-2025-57799 HIGH
StreamVault <250822 - Command Injection
CVE-2025-54857 CRITICAL
SkyBridge BASIC MB-A130 <1.5.8 - Command Injection
CVSS 9.8
CVE-2025-9752 HIGH
D-Link DIR-852 1.00CN B09 - OS Command Injection via SOAP Service soapcgi_main Function
CVSS 7.3
CVE-2025-9745 MEDIUM
D-Link DI-500WF 14.04.10A1T - Code Injection
CVSS 4.7