CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-8643 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8642 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8641 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8640 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8639 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8638 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8637 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8636 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8635 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8634 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8633 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8632 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8631 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8630 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8629 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8628 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-43978 HIGH
Jointelli 5G CPE 21H01 - Command Injection
CVSS 7.4
CVE-2025-43979 HIGH
FIRSTNUM JC21A-04 - Command Injection
CVSS 7.4
CVE-2025-2611 CRITICAL
ICTBroadcast - Command Injection
CVE-2025-54987 CRITICAL
Trend Micro Apex One - Unauthenticated Remote Code Execution via Malicious Code Upload
CVSS 9.4
CVE-2025-54948 CRITICAL KEV
Trend Micro Apex One - Unauthenticated Remote Code Execution via Malicious Code Upload
CVSS 9.4
CVE-2025-54795 CRITICAL
Claude Code < 1.0.20 - OS Command Injection via Confirmation Prompt Bypass
CVSS 9.8
CVE-2025-54135 HIGH
Cursor < 1.3.9 - Remote Code Execution via MCP Configuration File Creation
CVSS 8.5
CVE-2025-51390 CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 - Command Injection
CVSS 9.8
CVE-2025-34147 CRITICAL
Shenzhen Aitemi M300 - Command Injection