CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-9244 MEDIUM
Linksys RE6250-RE9000 1.0.013.001/1.2.07.001 - Command Injection
CVSS 6.3
CVE-2025-6183 HIGH
StrongDM macOS Client - Code Injection
CVE-2025-6181 HIGH
StrongDM sdm-cli < 47.38.0 - Authenticated Privilege Escalation via Input Validation Flaw
CVE-2025-9176 MEDIUM
neurobin shc <4.0.3 - Command Injection
CVSS 5.3
CVE-2025-9174 MEDIUM
neurobin shc <4.0.3 - Command Injection
CVSS 5.3
CVE-2025-55589 MEDIUM
TOTOLINK A3002R v4.0.0-B20230531.1404 - Command Injection
CVSS 6.5
CVE-2025-55284 HIGH
Claude Code < 1.0.4 - OS Command Injection via Confirmation Prompt Bypass
CVSS 7.5
CVE-2025-9026 HIGH
D-Link DIR-860L 2.04.B04 - OS Command Injection via SSDP ssdpcgi_main
CVSS 7.3
CVE-2025-20220 MEDIUM
Cisco Secure Firewall Management Center/FTD - Command Injection
CVSS 6.0
CVE-2025-8876 HIGH KEV
N-able N-central < 2025.3.1 - OS Command Injection
CVSS 8.8
CVE-2025-43984 CRITICAL
KuwFi GC111 CPE-LM321_V3.2 GC111-GL-LM321_V3.0_20191211 - Unauthenticated OS Command Injection via SSID Parameter
CVSS 9.8
CVE-2025-43989 MEDIUM
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 - Comman...
CVSS 6.5
CVE-2025-50946 MEDIUM
Olivetin 2025.4.22 - Command Injection
CVSS 6.5
CVE-2025-23294 HIGH
NVIDIA WebDataset - OS Command Injection
CVSS 7.8
CVE-2025-54382 CRITICAL
Cherry Studio < 1.5.2 - Remote Code Execution via OAuth Redirect URL
CVSS 9.6
CVE-2025-54074 CRITICAL
Cherry Studio 1.2.5-1.5.1 - OS Command Injection via Malicious MCP Server in HTTP Streamable Mode
CVSS 9.8
CVE-2025-49813 HIGH
FortiADC 7.2.0 and < 7.1.1 - Authenticated OS Command Injection via HTTP Parameters
CVSS 7.2
CVE-2025-47857 MEDIUM
FortiWeb 7.4.1-7.4.7 and 7.6.0-7.6.3 - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2025-27759 MEDIUM
FortiWeb 7.0.0-7.0.9, 7.2.0-7.2.10, 7.4.0-7.4.7, 7.6.0-7.6.3 - Authenticated OS Command Injection via CLI Commands
CVSS 6.7
CVE-2025-25256 CRITICAL
Fortinet FortiSIEM - OS Command Injection
CVSS 9.8
CVE-2025-8830 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via Hostname Parameter
CVSS 6.3
CVE-2025-8829 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via hname Parameter
CVSS 6.3
CVE-2025-8828 MEDIUM
Linksys RE6250, RE6300, RE6350, RE6500, RE7000, RE9000 - OS Command Injection via IPv6 Configuration Parameters
CVSS 6.3
CVE-2025-8827 MEDIUM
Linksys RE6250, RE6300, RE6350, RE6500, RE7000, RE9000 - OS Command Injection via staticGateway Parameter
CVSS 6.3
CVE-2025-8825 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via RP_setBasicAuto staticIp/staticNetmask
CVSS 6.3