CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,967 vulnerabilities with CWE-78
CVE-2025-3363
CRITICAL
HGiga iSherlock 4.5 < 236 and 5.5 < 236 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2025-3362
CRITICAL
HGiga iSherlock 4.5 < 236 and 5.5 < 236 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2025-3361
CRITICAL
HGiga iSherlock 4.5 < 236 and 5.5 < 236 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2025-3189
MEDIUM
DoWISP < 1.16.2.50 - Stored Cross-Site Scripting via SVG Profile Picture Upload
CVE-2025-30370
HIGH
jupyterlab-git < 0.51.1 - OS Command Injection via Git Repository Path
CVSS 7.4
CVE-2025-26817
CRITICAL
Netwrix Password Secure < 9.2.1 - OS Command Injection
CVSS 9.8
CVE-2025-0676
HIGH
Moxa EDF-G1002-BP Series < 3.14 - Authenticated OS Command Injection via tcpdump
CVE-2025-0415
CRITICAL
Moxa EDF-G1002-BP Series < 3.14 - Authenticated OS Command Injection via NTP Settings
CVE-2025-26055
MEDIUM
Infinxt iEdge 100 <2.1.32 - Command Injection
CVSS 6.5
CVE-2025-31693
MEDIUM
Drupal AI <1.0.5 - Command Injection
CVSS 6.6
CVE-2025-31692
HIGH
Drupal AI <1.0.5 - Command Injection
CVSS 7.5
CVE-2025-30004
HIGH
Xorcom CompletePBX <5.2.35 - Command Injection
CVSS 8.8
CVE-2025-3002
HIGH
Digital China DCME-520 <20250320 - Code Injection
CVSS 7.3
CVE-2025-3022
CRITICAL
e-solutions e-management - Command Injection
CVE-2025-2071
CRITICAL
FAST LTA Silent Brick WebUI - Command Injection
CVE-2025-2983
MEDIUM
Legrand SMS PowerView 1.x - Command Injection
CVSS 5.5
CVE-2025-25579
CRITICAL
TOTOLINK A3002R V4.0.0-B20230531.1404 - OS Command Injection via bandstr Parameter
CVSS 9.8
CVE-2025-28256
CRITICAL
TOTOLINK A3100R V4.1.2cu.5247_B20211129 - Remote Code Execution via setWebWlanIdx in wireless.so
CVSS 9.8
CVE-2025-28219
CRITICAL
Netgear DC112A V1.0.0.64 - OS Command Injection via usb_adv.cgi deviceName Parameter
CVSS 9.8
CVE-2025-24386
HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - OS Command Injection
CVSS 7.8
CVE-2025-24385
HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - OS Command Injection
CVSS 7.8
CVE-2025-24380
HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - OS Command Injection
CVSS 7.8
CVE-2025-24379
HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - OS Command Injection
CVSS 7.8
CVE-2025-24378
HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - OS Command Injection
CVSS 7.8
CVE-2025-24377
HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - Authenticated OS Command Injection
CVSS 7.8
Details
Vulnerabilities: 5,967
Exploit Likelihood: High