CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-25067 CRITICAL
mySCADA myPRO Manager - Command Injection
CVSS 9.8
CVE-2025-1229 MEDIUM
olajowon Loggrove - OS Command Injection via Path Argument
CVSS 6.3
CVE-2025-0110 HIGH
Palo Alto Networks PAN-OS - Command Injection
CVE-2025-1244 HIGH
Emacs - Unauthenticated Remote Code Execution via HTTP URL Redirect
CVSS 8.8
CVE-2025-24366 HIGH
SFTPGo 0.9.5-2.6.4 - Authenticated OS Command Injection via Rsync Command
CVSS 7.5
CVE-2025-20029 HIGH
F5 BIG-IP 15.1.0-15.1.10.6 - Authenticated OS Command Injection via iControl REST and TMOS Shell Save Command
CVSS 8.8
CVE-2025-25039 MEDIUM
HPE Aruba Networking ClearPass Policy Manager - Command Injection
CVSS 4.7
CVE-2025-24971 CRITICAL
DumbDrop < commit 4ff8469d - Command Injection
CVE-2025-0680 CRITICAL
New Rock Technologies OM500 IP-PBX - OS Command Injection via Cloud RPC Command Handling
CVSS 9.8
CVE-2025-20061 CRITICAL
mySCADA myPRO Manager < 1.3 and myPRO Runtime < 9.2.1 - OS Command Injection via Email POST Request
CVSS 9.8
CVE-2025-20014 CRITICAL
mySCADA myPRO Manager < 1.3 and myPRO Runtime < 9.2.1 - OS Command Injection via POST Request
CVSS 9.8
CVE-2025-0798 HIGH
MicroWorld eScan Antivirus 7.0.32 - Command Injection
CVSS 8.1
CVE-2025-24480 CRITICAL
Rockwell FactoryTalk View ME <V15 - High-Privilege Command Execution
CVE-2025-22604 CRITICAL
Cacti < 1.2.29 - Authenticated OS Command Injection via SNMP OID Parsing
CVSS 9.1
CVE-2025-22606 HIGH
Coolify < 4.0.0-beta.359 - OS Command Injection via Project Name
CVSS 7.8
CVE-2025-22605 HIGH
Coolify 4.0.0-beta.18-4.0.0-beta.252 - Authenticated Remote Code Execution via Remote Server Command Injection
CVSS 7.8
CVE-2025-23237 MEDIUM
UD-LT2 <1.00.008_SE - Command Injection
CVSS 6.6
CVE-2025-20617 HIGH
UD-LT2 firmware <1.00.008_SE - Command Injection
CVSS 7.2
CVE-2025-0528 HIGH
Tenda AC8, AC10, AC18 16.03.10.20 - Command Injection
CVSS 7.2
CVE-2025-0457 HIGH
NetVision Information airPASS 2.9.0-2.9.0.241231 and 3.0.0-3.0.0.241231 - Authenticated OS Command Injection
CVSS 8.8
CVE-2025-0356 HIGH
NEC Aterm <1.4.2-1.5.3 - Command Injection
CVSS 7.2
CVE-2025-20055 CRITICAL
Y'S corporation STEALTHONE D220 and D340 - OS Command Injection
CVSS 9.8
CVE-2025-20016 HIGH
STEALTHONE D220/D340/D440 - Authenticated OS Command Injection
CVSS 7.2
CVE-2025-0107 CRITICAL
Palo Alto Networks Expedition - Command Injection
CVSS 9.8
CVE-2024-51092 CRITICAL
LibreNMS Authenticated RCE (CVE-2024-51092)
CVSS 9.1