CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-34113 HIGH
Tiki Wiki CMS <14.1-6.14 - Command Injection
CVE-2025-34112 CRITICAL
Riverbed SteelCentral NetProfiler & NetExpress <10.8.7 - RCE
CVE-2025-34103 CRITICAL
WePresent WiPG-1000 <2.2.3.0 - Command Injection
CVE-2025-53818 HIGH
GitHub Kanban MCP Server <0.3.0 - Command Injection
CVE-2025-53623 HIGH
job-iteration < 1.11.0 - Remote Code Execution via CsvEnumerator
CVE-2025-7451 CRITICAL
Hgiga iSherlock < 4.5-137, < 5.5-137 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2025-7553 MEDIUM
D-Link DIR-818LW <20191215 - Code Injection
CVSS 4.7
CVE-2025-52988 MEDIUM
Junos OS & Junos OS Evolved Authenticated OS Command Injection via 'request system logout' CLI
CVSS 6.7
CVE-2025-52994 MEDIUM
phpThumb < 1.7.23 - OS Command Injection via gif_outputAsJpeg Parameter
CVSS 4.9
CVE-2025-50121 CRITICAL
EcoStruxure IT Data Center Expert >=8.3 - Unauthenticated Remote Code Execution via Malicious Folder Creation
CVE-2025-53637 MEDIUM
meshtastic_firmware < 2.6.6 - OS Command Injection via GitHub Action Workflow
CVSS 4.1
CVE-2025-7414 MEDIUM
Tenda O3V2 1.0.0.12(3880 - Code Injection
CVSS 6.3
CVE-2025-34102 CRITICAL
CryptoLog PHP - Unauthenticated Remote Code Execution via SQL Injection and Command Injection
CVE-2025-34101 CRITICAL
Serviio Media Server <1.8 - Command Injection
CVE-2025-34099 CRITICAL
VICIdial <2.13 RC1 - Command Injection
CVE-2025-34095 CRITICAL
Mako Server 2.5-2.6 - Command Injection
CVE-2025-34093 HIGH
Polycom HDX Series - Command Injection
CVE-2025-53542 HIGH
Kubernetes Headlamp - Command Injection
CVSS 7.7
CVE-2025-46334 HIGH
Git GUI <2.49 - Code Injection
CVSS 8.6
CVE-2025-27614 HIGH
gitk 2.41.0-2.50.0 - Remote Code Execution via Crafted Repository Filename
CVSS 8.6
CVE-2025-27613 LOW
gitk Arbitrary File Write via Untrusted Repository Clone
CVSS 3.6
CVE-2025-7407 MEDIUM
Netgear D6400 1.0.0.114 - Code Injection
CVSS 6.3
CVE-2025-6514 CRITICAL
mcp-remote >=0.0.5 <0.1.16 - OS Command Injection via Authorization Endpoint Response URL
CVSS 9.6
CVE-2025-3499 CRITICAL
Device <unknown> - Command Injection
CVSS 10.0
CVE-2025-49537 HIGH
ColdFusion <= 2025.2, 2023.14, 2021.20 - OS Command Injection
CVSS 7.9