
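CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) — Vulnerability Class 1153

1153 vulnerabilities classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')). AI Chinese analysis included.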

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-7192 | D-Link DIR-645 ssdpcgi cgibin ssdpcgi_main command injection — DIR-645 | 6.3 | Medium | 2025-07-08 |
| CVE-2025-53372 | node-code-sandbox-mcp has a Sandbox Escape via Command Injection — node-code-sandbox-mcp | 7.5 | High | 2025-07-08 |
| CVE-2025-53104 | gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow — gluestack-ui | 9.1 | Critical | 2025-07-01 |
| CVE-2025-53107 | @cyanheads/git-mcp-server vulnerable to command injection in several tools — git-mcp-server | 7.5 | High | 2025-07-01 |
| CVE-2025-52995 | File Browser vulnerable to command execution allowlist bypass — filebrowser | 8.1 | High | 2025-06-30 |
| CVE-2025-53098 | Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol — Roo-Code | 8.1 | High | 2025-06-27 |
| CVE-2025-6775 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection — openvpn-cms-flask | 6.3 | Medium | 2025-06-27 |
| CVE-2025-6522 | TrendMakers Sight Bulb Pro Command Injection — Sight Bulb Pro Firmware ZJ_CG32-2201 | 5.4 | Medium | 2025-06-27 |
| CVE-2025-5306 | Command Injection in Netflow path — Pandora FMS | 9.8 (AI) | Critical (AI) | 2025-06-27 |
| CVE-2025-52904 | File Browser: Command Execution not Limited to Scope — filebrowser | 8.1 | High | 2025-06-26 |
| CVE-2025-52903 | File Browser Allows Execution of Shell Commands That Can Spawn Other Commands — filebrowser | 8.1 | High | 2025-06-26 |
| CVE-2025-52483 | Registrator.jl Vulnerable to Argument Injection and Command Injection — Registrator.jl | 8.8 (AI) | High (AI) | 2025-06-25 |
| CVE-2025-6335 | DedeCMS Template dedetag.class.php command injection — DedeCMS | 4.7 | Medium | 2025-06-20 |
| CVE-2025-49823 | Conda Constructor Command Injection via Unsanitized User Input (Low) — constructor | - | - | 2025-06-17 |
| CVE-2025-47959 | Visual Studio Remote Code Execution Vulnerability — Microsoft Visual Studio 2022 version 17.10 | 7.1 | High | 2025-06-13 |
| CVE-2025-4231 | PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface — Cloud NGFW | 7.2 (AI) | High (AI) | 2025-06-12 |
| CVE-2025-4678 | Remote Code Execution leads to Command Injection — Pandora ITSM | 9.8 (AI) | Critical (AI) | 2025-06-10 |
| CVE-2025-4653 | Remote Code Execution leads to Command Injection — Pandora ITSM | 9.8 (AI) | Critical (AI) | 2025-06-10 |
| CVE-2025-5836 | Tenda AC9 POST Request SetIPTVCfg formSetIptv command injection — AC9 | 6.3 | Medium | 2025-06-07 |
| CVE-2025-22481 | QTS, QuTS hero — QTS | 8.8 (AI) | High (AI) | 2025-06-06 |
| CVE-2025-5763 | Tenda CP3 apollo sub_F3C8C command injection — CP3 | 4.7 | Medium | 2025-06-06 |
| CVE-2025-5695 | Teledyne FLIR AX8 Backend subscriptions.php subscribe_to_alarm command injection — AX8 | 4.7 | Medium | 2025-06-05 |
| CVE-2025-5606 | Tenda AC18 SetIPTVCfg formSetIptv command injection — AC18 | 6.3 | Medium | 2025-06-04 |
| CVE-2025-20278 | Cisco Unified Communications Products Command Injection Vulnerability — Cisco Finesse | 6.0 | Medium | 2025-06-04 |
| CVE-2025-5515 | TOTOLINK X2000R formMapDel command injection — X2000R | 6.3 | Medium | 2025-06-03 |
| CVE-2025-5504 | TOTOLINK X2000R formWsc command injection — X2000R | 6.3 | Medium | 2025-06-03 |
| CVE-2025-5502 | TOTOLINK X15 formMapReboot command injection — X15 | 6.3 | Medium | 2025-06-03 |
| CVE-2025-5492 | D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection — DI-500WF-WT | 6.3 | Medium | 2025-06-03 |
| CVE-2025-5438 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection — RE6500 | 6.3 | Medium | 2025-06-02 |
| CVE-2025-5113 | Authenticated Remote Command Injection in Diviotec NBR IP Cameras — nbr222p | 9.8 (AI) | Critical (AI) | 2025-06-02 |

Vulnerabilities classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) represent 1153 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.