CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,967 vulnerabilities with CWE-78
CVE-2025-44961
CRITICAL
RUCKUS SmartZone < 6.1.2 - Authenticated OS Command Injection via IP Address Field
CVSS 9.9
CVE-2025-44960
HIGH
RUCKUS SmartZone < 6.1.2 - OS Command Injection via API Parameter
CVSS 8.5
CVE-2025-30099
HIGH
Dell PowerProtect Data Domain - OS Command Injection
CVSS 7.8
CVE-2025-30098
MEDIUM
Dell PowerProtect Data Domain - OS Command Injection
CVSS 6.7
CVE-2025-30097
MEDIUM
Dell PowerProtect Data Domain - OS Command Injection
CVSS 6.7
CVE-2025-30096
MEDIUM
Dell PowerProtect Data Domain - OS Command Injection
CVSS 6.7
CVE-2025-36607
HIGH
Dell Unity Operating Environment < 5.5.1.0 - Authenticated OS Command Injection via svc_nas Utility
CVSS 7.8
CVE-2025-36606
HIGH
Dell Unity Operating Environment < 5.5.1.0 - Authenticated OS Command Injection via svc_nfssupport Utility
CVSS 7.8
CVE-2025-36604
HIGH
Dell Unity Operating Environment < 5.5.1.0 - Unauthenticated OS Command Injection
CVSS 7.3
CVE-2025-54782
HIGH
nestjs/devtools-integration < 0.2.1 - Remote Code Execution via Unsafe JavaScript Sandbox
CVSS 8.8
CVE-2025-54136
HIGH
Cursor < 1.3 - Remote Code Execution via MCP Configuration File Tampering
CVSS 7.2
CVE-2025-54133
CRITICAL
Cursor 1.1.7-1.2 - OS Command Injection via MCP Deeplink Handler
CVSS 9.6
CVE-2025-8473
MEDIUM
Alpine iLX-507 Firmware - Unauthenticated OS Command Injection via UPDM_wstpCBCUpdStart
CVSS 6.6
CVE-2025-54595
HIGH
Pearcleaner 4.4.0-4.5.1 - Unauthenticated Privilege Escalation via XPC Service
CVSS 7.3
CVE-2025-50475
CRITICAL
Russound MBX-PRE-D67F 3.1.6 - Command Injection
CVSS 9.8
CVE-2025-54430
CRITICAL
dedupe < 3f61e79102910bd355e920a2df7e44c14c9cb247 - Remote Code Execution via GitHub Actions Workflow
CVSS 9.1
CVE-2025-29534
HIGH
PowerStick Wave Dual-Band Wifi Extender V1.0 - Authenticated RCE
CVSS 8.8
CVE-2025-54418
CRITICAL
CodeIgniter < 4.6.2 - OS Command Injection via ImageMagick Handler
CVSS 9.8
CVE-2025-53695
CRITICAL
iSTAR Ultra < 6.9.2 - Authenticated OS Command Injection
CVE-2025-8259
HIGH
Vaelsys VaelsysV4 < 5.1.1/5.4.1 - OS Command Injection via xajaxargs Parameter
CVSS 7.3
CVE-2025-54415
CRITICAL
dag-factory < 0.23.0a8 - Command Injection
CVE-2025-29631
CRITICAL
Gardyn Home Kit Firmware < master.619 - OS Command Injection
CVSS 9.8
CVE-2025-7404
CRITICAL
Calibre Web 0.6.24 and Autocaliweb 0.7.0 - Blind OS Command Injection
CVSS 9.8
CVE-2025-5243
CRITICAL
SMG Software Information Portal < 13.06.2025 - OS Command Injection
CVSS 10.0
CVE-2025-41684
HIGH
Main Web Interface <unknown - Command Injection
CVSS 8.8
Details
Vulnerabilities: 5,967
Exploit Likelihood: High