CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-5573 MEDIUM
D-Link DCS-932L 2.18.01 - Code Injection
CVSS 6.3
CVE-2025-5571 MEDIUM
D-Link DCS-932L 2.18.01 - Code Injection
CVSS 6.3
CVE-2025-5525 MEDIUM
Jrohy trojan <2.15.3 - Command Injection
CVSS 5.6
CVE-2025-5447 MEDIUM
Linksys RE6500-RE9000 - Code Injection
CVSS 6.3
CVE-2025-5446 MEDIUM
Linksys RE6500-RE9000 - Command Injection
CVSS 6.3
CVE-2025-5445 MEDIUM
Linksys RE6500-RE9000 - Command Injection
CVSS 6.3
CVE-2025-5444 MEDIUM
Linksys RE6500-RE9000 <1.2.07.001 - Command Injection
CVSS 6.3
CVE-2025-5443 MEDIUM
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 - OS Command Injection via ExtChSelector Parameter
CVSS 6.3
CVE-2025-5442 MEDIUM
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 - OS Command Injection via RP_pingGatewayByBBS
CVSS 6.3
CVE-2025-5441 MEDIUM
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via DeviceURL Parameter
CVSS 6.3
CVE-2025-5440 MEDIUM
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via NTP Function
CVSS 6.3
CVE-2025-5439 MEDIUM
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via verifyFacebookLike uid/accessToken
CVSS 6.3
CVE-2025-41385 HIGH
wivia 5 Firmware - Authenticated OS Command Injection
CVSS 7.2
CVE-2025-48047 CRITICAL
NetFax Server < 3.0.1.0 - Authenticated OS Command Injection via Ping Functionality
CVE-2025-5277 CRITICAL
aws-mcp-server < 1.3.0 - OS Command Injection via Crafted Prompt
CVSS 9.6
CVE-2025-1753 HIGH
LLama-Index CLI <0.12.20 - Command Injection
CVSS 7.8
CVE-2025-5106 HIGH
Fujian Kelixun 1.0 - Code Injection
CVSS 7.3
CVE-2025-47780 HIGH
Sangoma Asterisk < 18.26.2 - OS Command Injection
CVSS 7.8
CVE-2025-3883 HIGH
eCharge Hardy Barth cPH2 Firmware - Unauthenticated Remote Code Execution via index.php GET Parameter
CVSS 8.8
CVE-2025-3882 HIGH
eCharge Hardy Barth cPH2 - Unauthenticated Remote Code Execution via nwcheckexec.php dest Parameter
CVSS 8.8
CVE-2025-3881 HIGH
eCharge Hardy Barth cPH2 - Unauthenticated Remote Code Execution via check_req.php ntp Parameter
CVSS 8.8
CVE-2025-48069 MEDIUM
Shopify ejson2env < 2.0.8 - OS Command Injection via Unsanitized stdout Output
CVSS 6.6
CVE-2025-5030 MEDIUM
Ackites KillWxapkg <2.4.1 - Code Injection
CVSS 5.0
CVE-2025-48204 MEDIUM
ns_backup < 13.0.1 - OS Command Injection
CVSS 6.8
CVE-2025-27804 MEDIUM
Device Firmware - Command Injection
CVSS 6.5