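CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2646

2646 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.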

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6992 | Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection — MR9600 | 7.2 | High | 2026-04-25 |
| CVE-2026-41421 | SiYuan Desktop Notification XSS Leads to Electron RCE — siyuan | 8.8 | High | 2026-04-24 |
| CVE-2026-41411 | Vim: Command injection via backtick expansion in tag filenames — vim | 6.6 | Medium | 2026-04-24 |
| CVE-2026-33208 | Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint — roxy-wi | 8.8 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41247 | elFinder: Command injection in resize background color parameter when using ImageMagick CLI — elFinder | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41208 | Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution — @paperclipai/server | 8.8 | High | 2026-04-23 |
| CVE-2026-41179 | RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution — rclone | 9.8 | - | 2026-04-23 |
| CVE-2026-5935 | TSSC/IMC is vulnerable to OS Command Injection — Total Storage Service Console (TSSC) / TS4500 IMC | 7.3 | High | 2026-04-22 |
| CVE-2026-40517 | radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names — radare2 | 7.8 | High | 2026-04-22 |
| CVE-2026-41064 | AVideo has an incomplete fix for CVE-2026-33502 (Command Injection) — AVideo | 9.3 | Critical | 2026-04-21 |
| CVE-2026-4821 | Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API — Enterprise Server | 7.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-40933 | Flowise: Authenticated RCE Via MCP Adapters — Flowise | 10.0 | Critical | 2026-04-21 |
| CVE-2026-40520 | FreePBX api module Command Injection via GraphQL — api | 7.2 | High | 2026-04-21 |
| CVE-2026-41036 | Command Injection Vulnerability in Quantum Networks Router QN-I-470 — Router QN-I-470 | 8.8 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-5965 | NewSoft\|NewSoftOA - OS Command Injection — NewSoftOA | 9.8 | Critical | 2026-04-21 |
| CVE-2026-32311 | Command Injection and Docker container escape allows root on host machine — flowsint | 8.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-22761 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 6.7 | Medium | 2026-04-20 |
| CVE-2026-26942 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 6.7 | Medium | 2026-04-20 |
| CVE-2026-26943 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 7.2 | High | 2026-04-20 |
| CVE-2026-24506 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 7.2 | High | 2026-04-20 |
| CVE-2026-23774 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 7.2 | High | 2026-04-20 |
| CVE-2026-5967 | TeamT5\|ThreatSonar Anti-Ransomware - Privilege Escalation — ThreatSonar Anti-Ransomware | 8.8 | High | 2026-04-20 |
| CVE-2026-6644 | A command injection vulnerability was found in the PPTP VPN Clients on the ADM — ADM | 7.2 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-35582 | Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix — emissary | 8.8 | High | 2026-04-18 |
| CVE-2026-23500 | Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration — dolibarr | 7.2 (AI) | High (AI) | 2026-04-17 |
| CVE-2026-40527 | radare2 Command Injection via DWARF Parameter Names — radare2 | 7.8 | High | 2026-04-17 |
| CVE-2026-33145 | xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman — xrdp | 6.3 | Medium | 2026-04-17 |
| CVE-2026-35073 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 6.7 | Medium | 2026-04-17 |
| CVE-2026-35074 | Dell PowerProtect Data Domain security vulnerability — PowerProtect Data Domain | 6.7 | Medium | 2026-04-17 |
| CVE-2026-35072 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 6.7 | Medium | 2026-04-17 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2646 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.