CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-6771 HIGH
Ivanti Endpoint Manager Mobile < 12.3.0.3 - Authenticated Remote Code Execution via OS Command Injection
CVSS 7.2
CVE-2025-6770 HIGH
Ivanti Endpoint Manager Mobile < 12.5.0.2 - Authenticated Remote Code Execution via OS Command Injection
CVSS 7.2
CVE-2025-25269 HIGH
Phoenixcontact CHARX SEC-3000/3050/3100/3150 Firmware <= 1.7.3 - Command Injection
CVSS 8.4
CVE-2025-7154 MEDIUM
TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216 - OS Command Injection via Hostname Parameter
CVSS 6.3
CVE-2025-20319 MEDIUM
Splunk Enterprise <9.4.3, 9.3.5, 9.2.7, 9.1.10 - RCE
CVSS 6.8
CVE-2025-53376 HIGH
Dokploy <0.23.7 - Command Injection
CVSS 8.8
CVE-2025-3705 MEDIUM
Frauscher FDS101, FDS102, and FDS-SNMP101 - OS Command Injection via USB Config File
CVSS 6.8
CVE-2025-3626 CRITICAL
Device <unknown> - Command Injection
CVSS 9.1
CVE-2025-48501 CRITICAL
Nimesa Backup and Recovery <2.4 - Command Injection
CVSS 9.8
CVE-2025-7145 HIGH
ThreatSonar Anti-Ransomware - Command Injection
CVSS 7.2
CVE-2025-7097 HIGH
Comodo Internet Security Premium 12.3.4.8162 - OS Command Injection via cis_update_x64.xml Manifest File Handler
CVSS 8.1
CVE-2025-7083 MEDIUM
Belkin F9K1122 1.00.33 - OS Command Injection via mp Function
CVSS 6.3
CVE-2025-7082 MEDIUM
Belkin F9K1122 1.00.33 - OS Command Injection via wan_ipaddr/wan_netmask/wan_gateway/wl_ssid Parameters
CVSS 6.3
CVE-2025-7081 MEDIUM
Belkin F9K1122 1.00.33 - OS Command Injection via formSetWanStatic Parameters
CVSS 6.3
CVE-2025-47228 MEDIUM
Netmake ScriptCase <9.12.006 - Command Injection
CVSS 6.7
CVE-2025-34088 HIGH
Pandora FMS <7.0NG - Command Injection
CVSS 8.8
CVE-2025-34087 HIGH
Pi-hole < 3.3 - Authenticated OS Command Injection via Allowlist Domain Parameter
CVSS 8.8
CVE-2025-34082 CRITICAL
IGEL OS <11.04.270 - Command Injection
CVE-2025-20308 MEDIUM
Cisco Spaces Connector - Privilege Escalation
CVSS 6.0
CVE-2025-34073 CRITICAL
stamparm/maltrail <=0.54 - Command Injection
CVE-2025-53100 HIGH
RestDB's Codehooks.io MCP Server <0.2.2 - Command Injection
CVE-2025-34056 CRITICAL
AVTECH IP camera - Command Injection
CVE-2025-34055 CRITICAL
AVTECH DVR-NVR-IP Camera - Command Injection
CVE-2025-34054 CRITICAL
AVTECH IP camera, DVR, and NVR Devices - Unauthenticated OS Command Injection via Search.cgi Parameters
CVE-2025-26074 CRITICAL
Conductor Core < 3.21.13 - Remote Code Execution via Java Class Access
CVSS 9.8