CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1149

1149 vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-10961	Wavlink NU516U1 Delete_Mac_list wireless.cgi sub_4030C0 command injection — NU516U1	5.5	Medium	2025-09-25
CVE-2025-10960	Wavlink NU516U1 DeleteMac wireless.cgi sub_402D1C command injection — NU516U1	6.3	Medium	2025-09-25
CVE-2025-10959	Wavlink NU516U1 firewall.cgi sub_401778 command injection — NU516U1	6.3	Medium	2025-09-25
CVE-2025-10958	Wavlink NU516U1 AddMac wireless.cgi sub_403010 command injection — NU516U1	6.3	Medium	2025-09-25
CVE-2025-59834	Command Injection in adb-mcp MCP Server — adb-mcp	9.8	Critical	2025-09-25
CVE-2025-59831	`git-comiters` Command Injection vulnerability — git-commiters.js	8.8^AI	High^AI	2025-09-25
CVE-2025-20334	Cisco IOS XE 命令注入漏洞 — Cisco IOS XE Software	8.8	High	2025-09-24
CVE-2025-10814	D-Link DIR-823X goahead command injection — DIR-823X	6.3	Medium	2025-09-22
CVE-2025-59689	Libraesva Email Security Gateway 安全漏洞 — Email Security Gateway	6.1	Medium	2025-09-19
CVE-2025-10035	Deserialization Vulnerability in GoAnywhere MFT's License Servlet — GoAnywhere MFT	10.0	Critical	2025-09-18
CVE-2025-10689	D-Link DIR-645 soap.cgi soapcgi_main command injection — DIR-645	6.3	Medium	2025-09-18
CVE-2025-10634	D-Link DIR-823X Environment Variable goahead sub_412E7C command injection — DIR-823X	6.3	Medium	2025-09-18
CVE-2025-10629	D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection — DIR-852	6.3	Medium	2025-09-18
CVE-2025-10628	D-Link DIR-852 Web Management hedwig.cgi command injection — DIR-852	6.3	Medium	2025-09-18
CVE-2025-59458	JetBrains Junie 命令注入漏洞 — Junie	8.3	High	2025-09-17
CVE-2025-59376	mcp-kubernetes-server 安全漏洞 — mcp-kubernetes-server	3.7	Low	2025-09-15
CVE-2025-10401	D-Link DIR-823x diag_ping command injection — DIR-823x	6.3	Medium	2025-09-14
CVE-2025-10325	Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection — WL-WN578W2	6.3	Medium	2025-09-12
CVE-2025-10324	Wavlink WL-WN578W2 firewall.cgi sub_401C5C command injection — WL-WN578W2	7.3	High	2025-09-12
CVE-2025-10323	Wavlink WL-WN578W2 wizard_rep.shtml sub_409184 command injection — WL-WN578W2	7.3	High	2025-09-12
CVE-2025-10364	Unauthenticated Arbitrary Command Injection in Evertz SDVN — 3080ipx-10G	9.8	-	2025-09-12
CVE-2025-27233	Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later. — Zabbix	6.5	-	2025-09-12
CVE-2025-55319	Agentic AI and Visual Studio Code Remote Code Execution Vulnerability — Visual Studio Code	8.8	High	2025-09-12
CVE-2025-59046	interactive-git-checkout has Command Injection vulnerability — interactive-git-checkout	9.8	Critical	2025-09-09
CVE-2025-55227	Microsoft SQL Server Elevation of Privilege Vulnerability — Microsoft SQL Server 2016 Service Pack 3 (GDR)	8.8	High	2025-09-09
CVE-2025-10107	TRENDnet TEW-831DR formSysCmd command injection — TEW-831DR	4.7	Medium	2025-09-09
CVE-2025-9161	Rockwell Automation FactoryTalk Optix Remote Code Execution Vulnerability — FactoryTalk Optix	9.8^AI	Critical^AI	2025-09-09
CVE-2025-10123	D-Link DIR-823X set_static_leases sub_415028 command injection — DIR-823X	7.3	High	2025-09-09
CVE-2025-7388	Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface — OpenEdge	8.4	High	2025-09-04
CVE-2025-58358	Markdownify is vulnerable to command injection through pptx-to-markdown tool — markdownify-mcp	7.5	High	2025-09-04

Vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) represent 1149 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1149