CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-9727 MEDIUM
D-Link DIR-816L 206b01 - Command Injection
CVSS 6.3
CVE-2025-9377 HIGH KEV
TP-Link Archer C7(EU) V2 & TL-WR841N/ND(MS) V9 - Authenticated RCE
CVSS 7.2
CVE-2025-44015 HIGH
QNAP HybridDesk Station 4.2.0-4.2.17 - OS Command Injection
CVSS 8.4
CVE-2025-30264 HIGH
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 8.8
CVE-2025-29887 HIGH
QuRouter <2.5.1.060 - Command Injection
CVSS 7.2
CVE-2025-53508 HIGH
iND Co.,Ltd HL330-DLS, HL320-DLS, LM-100, LM-200 - OS Command Injection
CVSS 7.2
CVE-2025-58062 HIGH
LSTM-Kirigaya's openmcp-client <0.1.12 - Command Injection
CVE-2025-9580 MEDIUM
LB-LINK BL-X26 1.2.8 - Command Injection
CVSS 6.3
CVE-2025-9579 MEDIUM
LB-LINK BL-X26 1.2.8 - Code Injection
CVSS 6.3
CVE-2025-9575 MEDIUM
Linksys RE6250-RE9000 - Command Injection
CVSS 6.3
CVE-2025-58059 CRITICAL
Valtimo < 12.16.0.RELEASE & 13.0.0.RELEASE-13.1.2.RELEASE - Sensitive Information Exposure
CVSS 9.1
CVE-2025-55583 CRITICAL
D-Link DIR-868L B1 - Command Injection
CVSS 9.8
CVE-2025-34160 CRITICAL
AnyShare < pre-August 2025 builds - Unauthenticated Remote Code Execution via ServiceAgent API
CVE-2025-34161 HIGH
Coolify < 4.0.0-beta.420.7 - Authenticated Remote Code Execution via Git Repository Field
CVSS 8.8
CVE-2025-20295 MEDIUM
Cisco UCS Manager Software - Privilege Escalation
CVSS 6.0
CVE-2025-20294 MEDIUM
Cisco UCS Manager Software - Command Injection
CVSS 6.5
CVE-2025-20292 MEDIUM
Cisco NX-OS Software - Command Injection
CVSS 4.4
CVE-2025-50989 CRITICAL
OPNsense <25.1.8 - Command Injection
CVSS 9.1
CVE-2025-9528 MEDIUM
Linksys E1700 1.0.0.4.003 - Command Injection
CVSS 4.7
CVE-2025-50974 MEDIUM
IPFire 2.29 - Unauthenticated OS Command Injection via Calamaris Log Exporter Parameters
CVSS 6.5
CVE-2025-9424 MEDIUM
Ruijie WS7204-A 2017.06.15 - Code Injection
CVSS 4.7
CVE-2025-9387 MEDIUM
DCN DCME-720 9.1.5.11 - Code Injection
CVSS 6.3
CVE-2025-57771 HIGH
Roo Code <3.25.5 - Command Injection
CVSS 8.1
CVE-2025-3128 CRITICAL
Mitsubishi Electric smartRTU < 3.37 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2025-9262 MEDIUM
wong2 mcp-cli 1.13.0 - Command Injection
CVSS 5.6