CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-2172 MEDIUM
Aviatrix Controller <7.1.4208-8.0.0 - Command Injection
CVE-2025-23049 HIGH
Meridian Technique Materialise OrthoView <7.5.1 - Command Injection
CVE-2025-6485 MEDIUM
TOTOLINK A3002R 1.1.1-B20200824.0128 - OS Command Injection via wlanif Parameter
CVSS 6.3
CVE-2025-34030 CRITICAL
sar2html <3.2.2 - Command Injection
CVE-2025-34029 HIGH
Edimax EW-7438RPn Mini <1.13 - Command Injection
CVSS 8.8
CVE-2025-34024 HIGH
Edimax EW-7438RPn <1.13 - Command Injection
CVSS 8.8
CVE-2025-25038 CRITICAL
MiniDVBLinux <5.4 - Command Injection
CVSS 9.8
CVE-2025-44635 CRITICAL
H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series - RCE
CVSS 9.8
CVE-2025-6193 MEDIUM
TrustyAI Explainability - Command Injection
CVSS 5.9
CVE-2025-6299 MEDIUM
TOTOLINK N150RT 3.4.0-B20190525 - Command Injection
CVSS 4.7
CVE-2025-50201 CRITICAL
WeGIA < 3.4.2 - Unauthenticated OS Command Injection via Debug Info Branch Parameter
CVSS 9.8
CVE-2025-6104 HIGH
Wifi-soft UniBox Controller <20250506 - Code Injection
CVSS 8.8
CVE-2025-6103 HIGH
Wifi-soft UniBox Controller <20250506 - Code Injection
CVSS 8.8
CVE-2025-6102 HIGH
Wifi-soft UniBox Controller <20250506 - Code Injection
CVSS 8.8
CVE-2025-39240 HIGH
Hikvision Wireless Access Point - Authenticated RCE
CVSS 7.2
CVE-2025-4230 HIGH
Palo Alto Networks PAN-OS - Command Injection
CVE-2025-41663 CRITICAL
Weidmueller IE-SR-2TX-WL <V1.49, IE-SR-2TX-WL-4G-EU/US-V <V1.62 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2025-31104 HIGH
FortiADC 6.1.0-7.1.4, 7.2.0-7.2.7, 7.4.0-7.4.6, 7.6.0-7.6.1 - Authenticated OS Command Injection via HTTP Requests
CVSS 7.2
CVE-2025-5743 MEDIUM
Charging Station <version> - Command Injection
CVSS 5.5
CVE-2025-5952 HIGH
Zend.To <6.10-6 Beta - Code Injection
CVSS 7.3
CVE-2025-49141 HIGH
PSU Haxcms-nodejs < 11.0.3 - OS Command Injection
CVSS 8.5
CVE-2025-22481 HIGH
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 8.8
CVE-2025-49008 CRITICAL
Atheos < 6.0.4 - OS Command Injection via Execute.php Argument Injection
CVE-2025-5621 HIGH
D-Link DIR-816 1.10CNB05 - OS Command Injection via qosClassifier dip_address/sip_address Parameter
CVSS 7.3
CVE-2025-5620 HIGH
D-Link DIR-816 1.10CNB05 - OS Command Injection via setipsec_config localIP/remoteIP Parameters
CVSS 7.3