CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1149

1149 vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-13798	ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection — NBR1005GPEV2	6.3	Medium	2025-12-01
CVE-2025-13797	ADSLR B-QE2W401 send_order.cgi parameterdel_swifimac command injection — B-QE2W401	6.3	Medium	2025-12-01
CVE-2025-66219	willitmerge has a command Injection vulnerability — willitmerge	8.8	-	2025-11-29
CVE-2025-13562	D-Link DIR-852 gena.cgi command injection — DIR-852	7.3	High	2025-11-23
CVE-2025-65946	Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug — Roo-Code	8.1	High	2025-11-21
CVE-2025-13442	UTT 进取 750W formPdbUpConfig system command injection — 进取 750W	7.3	High	2025-11-20
CVE-2025-13306	D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection — DWR-M920	6.3	Medium	2025-11-17
CVE-2025-6945	Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab — GitLab	3.5	Low	2025-11-15
CVE-2025-46427	Dell SmartFabric OS10 Software 命令注入漏洞 — SmartFabric OS10 Software	8.8	High	2025-11-12
CVE-2025-46428	Dell SmartFabric OS10 Software 命令注入漏洞 — SmartFabric OS10 Software	8.8	High	2025-11-12
CVE-2025-62222	Agentic AI and Visual Studio Code Remote Code Execution Vulnerability — Microsoft Visual Studio Code CoPilot Chat Extension	8.8	High	2025-11-11
CVE-2025-62214	Visual Studio Remote Code Execution Vulnerability — Microsoft Visual Studio 2022 version 17.14	6.7	Medium	2025-11-11
CVE-2025-9223	Command Injection — ManageEngine Applications Manager	8.8	High	2025-11-11
CVE-2025-12155	Command Injection in Looker — Looker	8.8	-	2025-11-10
CVE-2025-12916	Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection — Operation and Maintenance Security Management System	6.3	Medium	2025-11-08
CVE-2025-46365	Dell CloudLink 命令注入漏洞 — CloudLink	5.3	Medium	2025-11-05
CVE-2025-1549	WatchGuard Mobile VPN with SSL Local Privilege Escallation — Mobile VPN with SSL Client	7.8^AI	High^AI	2025-10-29
CVE-2025-12313	D-Link DI-7001 MINI msp_info.htm command injection — DI-7001 MINI	6.3	Medium	2025-10-27
CVE-2025-58428	Command Injection in Veeder-Root TLS4B Automatic Tank Gauge System — TLS4B Automatic Tank Gauge System	9.9	Critical	2025-10-23
CVE-2025-41721	Sauter: Command Injection — modulo 6 devices modu680-AS	2.7	Low	2025-10-22
CVE-2025-10020	Command Injection — ManageEngine ADManager Plus	8.5	High	2025-10-21
CVE-2025-62696	Multiple critical security issues in Springboard — Mediawiki Foundation - Springboard Extension	9.8^AI	Critical^AI	2025-10-21
CVE-2025-58132	Zoom Clients for Windows - Command Injection — Zoom Clients for Windows	4.1	Medium	2025-10-15
CVE-2025-34267	Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages — Flowise	9.9^AI	Critical^AI	2025-10-14
CVE-2025-59286	Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot's Business Chat	9.3	Critical	2025-10-09
CVE-2025-59272	Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot's Business Chat	9.3	Critical	2025-10-09
CVE-2025-59252	M365 Copilot Information Disclosure Vulnerability — Microsoft 365 Word Copilot	9.3	Critical	2025-10-09
CVE-2025-11523	Tenda AC7 AdvSetLanip command injection — AC7	6.3	Medium	2025-10-09
CVE-2025-11488	D-Link DIR-852 HNAP1 command injection — DIR-852	7.3	High	2025-10-08
CVE-2025-61787	Deno is Vulnerable to Command Injection on Windows During Batch File Execution — deno	8.1	High	2025-10-08

Vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) represent 1149 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1149