CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-23383 HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - OS Command Injection
CVSS 7.8
CVE-2025-24383 CRITICAL
Dell Unity Operating Environment < 5.5.0.0.5.259 - Unauthenticated Arbitrary File Deletion via OS Command Injection
CVSS 9.1
CVE-2025-24382 HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - Unauthenticated OS Command Injection
CVSS 7.3
CVE-2025-22398 CRITICAL
Dell Unity Operating Environment < 5.5.0.0.5.259 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2025-28138 CRITICAL
TOTOLINK A800R V4.1.2cu.5137_B20200730 - Unauthenticated Remote Code Execution via NoticeUrl Parameter
CVSS 9.8
CVE-2025-2257 HIGH
Total Upkeep - WordPress Backup Plugin < 1.16.10 - Authenticated Remote Code Execution via compression_level Setting
CVSS 7.2
CVE-2025-2733 MEDIUM
mannaandpoem OpenManus <2025.3.13 - Code Injection
CVSS 6.3
CVE-2025-2717 MEDIUM
D-Link DIR-823X 240126/240802 - OS Command Injection via diag_nslookup target_addr Parameter
CVSS 4.7
CVE-2025-0255 HIGH
HCL DevOps Deploy/HCL Launch - Command Injection
CVSS 7.2
CVE-2025-2701 MEDIUM
Amttgroup Hibos - Command Injection
CVSS 6.3
CVE-2025-25220 HIGH
+F FS010M <V2.0.1_1101 - Command Injection
CVSS 8.8
CVE-2025-24306 HIGH
+F FS010M <V2.0.0_1101 - Command Injection
CVSS 7.2
CVE-2025-2367 MEDIUM
Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 - Command Injection
CVSS 6.3
CVE-2025-30076 HIGH
Koha <22.11.24, 23-23.11.12, 24-24.05.07, 24.06-24.11.02 - OS Command Injection via Scheduler
CVSS 7.7
CVE-2025-20138 HIGH
Cisco IOS XR - Privilege Escalation
CVSS 8.8
CVE-2025-22368 HIGH
Mennekes Smart/Premium - Command Injection
CVE-2025-22367 HIGH
Mennekes Smart/Premium - Command Injection
CVE-2025-22366 HIGH
Mennekes Smart/Premium - Command Injection
CVE-2025-27398 LOW
SCALANCE LPE9403 - Privilege Escalation
CVSS 2.7
CVE-2025-27394 HIGH
SCALANCE LPE9403 - Privilege Escalation
CVSS 7.2
CVE-2025-27393 HIGH
SCALANCE LPE9403 - Privilege Escalation
CVSS 7.2
CVE-2025-27392 HIGH
SCALANCE LPE9403 - Privilege Escalation
CVSS 7.2
CVE-2025-2096 MEDIUM
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 - OS Command Injection via setRebootScheCfg mode Parameter
CVSS 6.3
CVE-2025-2095 MEDIUM
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 - OS Command Injection via setDmzCfg ip Parameter
CVSS 6.3
CVE-2025-2094 MEDIUM
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 - OS Command Injection via apcliKey Parameter
CVSS 6.3