CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-41683 HIGH
Main Web Interface <unknown - Command Injection
CVSS 8.8
CVE-2025-43020 MEDIUM
Poly Clariti Manager <10.12.2 - Command Injection
CVSS 6.8
CVE-2025-54072 HIGH
yt-dlp < 2025.07.21 - Remote Code Execution via --exec Option Path Expansion
CVSS 7.5
CVE-2025-7724 HIGH
VIGI NVR1104H-4P <1.1.5 - Code Injection
CVE-2025-7723 HIGH
VIGI NVR1104H-4P <1.1.5 Build 250518 - Command Injection
CVE-2025-34143 CRITICAL
ETQ Reliance CG (legacy) < MP-4583 - Auth Bypass & RCE via SYSTEM Impersonation
CVE-2025-53472 HIGH
WRC-BE36QS-B and WRC-W701-B - Command Injection
CVSS 7.2
CVE-2025-36846 CRITICAL
Eveo URVE Web Manager 27.02.2025 - Unauthenticated OS Command Injection via /_internal/pc/vpro.php Endpoint
CVSS 9.8
CVE-2025-46117 CRITICAL
Ruckus Unleashed < 200.15.6.212.14 and ZoneDirector < 10.5.1.0.279 - Authenticated OS Command Injection via .ap_debug.sh
CVSS 9.1
CVE-2025-7382 HIGH
Sophos Firewall < 21.0.2 - Unauthenticated Remote Code Execution via WebAdmin
CVSS 8.8
CVE-2025-6704 CRITICAL
Sophos Firewall < 21.0.2 - Unauthenticated Remote Code Execution via SPX Feature in HA Mode
CVSS 9.8
CVE-2025-41675 HIGH
mbnet.mini_firmware < 2.3.3 - OS Command Injection via Cloud Server Communication Script
CVSS 7.2
CVE-2025-41674 HIGH
mbnet.mini_firmware < 2.3.3 - OS Command Injection via Diagnostic Action POST Request
CVSS 7.2
CVE-2025-41673 HIGH
mbnet.mini_firmware < 2.3.3 - OS Command Injection via send_sms POST Request
CVSS 7.2
CVE-2025-24938 HIGH
Web Application - Command Injection
CVSS 8.4
CVE-2025-24936 CRITICAL
Web Application - Command Injection
CVSS 9.0
CVE-2025-54314 LOW
Thor < 1.4.0 - OS Command Injection via Unsafe Shell Command Construction
CVSS 2.8
CVE-2025-7788 MEDIUM
Xuxueli xxl-job <3.1.1 - Code Injection
CVSS 6.3
CVE-2025-34132 CRITICAL
LILIN Digital Video Recorder <2.0b60_20200207 - Command Injection
CVE-2025-34129 HIGH
LILIN DVR <2.0b60_20200207 - Command Injection
CVE-2025-34125 CRITICAL
D-Link DSP-W110A1 <1.05B01 - Command Injection
CVE-2025-34117 CRITICAL
Netcore and Netis Router Firmware - Unauthenticated Remote Code Execution via UDP Port 53413 Backdoor
CVE-2025-52379 MEDIUM
Nexxt Solutions NCM-X1800 Mesh Router <UV1.2.7 - Command Injection
CVSS 5.4
CVE-2025-34116 HIGH
IPFire < 2.19 Core Update 101 - Authenticated Remote Command Execution via proxy.cgi NCSA User Creation Form
CVE-2025-34115 HIGH
OP5 Monitor <7.1.9 - Command Injection