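CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) — Vulnerability Class 1149

1149 vulnerabilities classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')). AI Chinese analysis included.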

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54131 | Cursor bypasses its allow list to execute arbitrary commands — cursor | 6.4 | Medium | 2025-08-01 |
| CVE-2025-54424 | 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution — 1Panel | 8.1 | High | 2025-08-01 |
| CVE-2025-54416 | tj-actions/branch-names Contains Command Injection Vulnerability — branch-names | 9.1 | Critical | 2025-07-26 |
| CVE-2025-54377 | Roo Code Lacks Line Break Validation in its Command Execution Tool — Roo-Code | 7.8 | High | 2025-07-23 |
| CVE-2025-7952 | TOTOLINK T6 MQTT Packet wireless.so ckeckKeepAlive command injection — T6 | 6.3 | Medium | 2025-07-22 |
| CVE-2025-53832 | @translated/lara-mcp vulnerable to command injection in import_tmx tool — lara-mcp | 7.5 | High | 2025-07-21 |
| CVE-2025-7932 | D-Link DIR‑817L ssdpcgi lxmldbc_system command injection — DIR‑817L | 6.3 | Medium | 2025-07-21 |
| CVE-2025-7883 | Eluktronics Control Center Powershell Script Command command injection — Control Center | 7.8 | High | 2025-07-20 |
| CVE-2025-7836 | D-Link DIR-816L Environment Variable cgibin lxmldbc_system command injection — DIR-816L | 6.3 | Medium | 2025-07-19 |
| CVE-2025-54073 | mcp-package-docs vulnerable to command injection in several tools — mcp-package-docs | 7.5 | High | 2025-07-18 |
| CVE-2025-52690 | Command Injection Vulnerability in the OmniAccess Stellar over UDP Service — OmniAccess Stellar Products | 8.1 | High | 2025-07-16 |
| CVE-2025-52688 | Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface — OmniAccess Stellar Products | 9.8 | Critical | 2025-07-16 |
| CVE-2025-52687 | JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface — OmniAccess Stellar | 2.4 | Low | 2025-07-16 |
| CVE-2025-49836 | GHSL-2025-048: GPT-SoVITS Command Injection vulnerability — GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-49835 | GHSL-2025-047: GPT-SoVITS Command Injection vulnerability — GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-49834 | GHSL-2025-046: GPT-SoVITS Command Injection vulnerability — GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-49833 | GHSL-2025-045: GPT-SoVITS Command Injection vulnerability — GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-3621 | Remote Code Execution in ProTNS ActADUR — ActADUR | 9.6 | Critical | 2025-07-15 |
| CVE-2025-7615 | TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection — T6 | 6.3 | Medium | 2025-07-14 |
| CVE-2025-7614 | TOTOLINK T6 HTTP POST Request cstecgi.cgi delDevice command injection — T6 | 6.3 | Medium | 2025-07-14 |
| CVE-2025-7613 | TOTOLINK T6 HTTP POST Request cstecgi.cgi CloudSrvVersionCheck command injection — T6 | 6.3 | Medium | 2025-07-14 |
| CVE-2025-7578 | Teledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injection — FLIR FB-Series O | 5.0 | Medium | 2025-07-14 |
| CVE-2025-7525 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setTracerouteCfg command injection — T6 | 6.3 | Medium | 2025-07-13 |
| CVE-2025-7524 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg command injection — T6 | 6.3 | Medium | 2025-07-13 |
| CVE-2025-7415 | Tenda O3V2 httpd getTraceroute fromTraceroutGet command injection — O3V2 | 6.3 | Medium | 2025-07-10 |
| CVE-2025-53355 | mcp-server-kubernetes vulnerable to command injection in several tools — mcp-server-kubernetes | 7.5 | High | 2025-07-08 |
| CVE-2025-7192 | D-Link DIR-645 ssdpcgi cgibin ssdpcgi_main command injection — DIR-645 | 6.3 | Medium | 2025-07-08 |
| CVE-2025-53372 | node-code-sandbox-mcp has a Sandbox Escape via Command Injection — node-code-sandbox-mcp | 7.5 | High | 2025-07-08 |
| CVE-2025-53104 | gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow — gluestack-ui | 9.1 | Critical | 2025-07-01 |
| CVE-2025-53107 | @cyanheads/git-mcp-server vulnerable to command injection in several tools — git-mcp-server | 7.5 | High | 2025-07-01 |

Vulnerabilities classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) represent 1149 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.