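CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)) — Vulnerability Class 2653

2653 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)). AI Chinese analysis included.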

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25041 | Budibase has a Command Injection in PostgreSQL Dump Command — budibase | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2025-15568 | Command Injection Vulnerability on TP-Link Archer AXE75 — Archer AXE75 v1.6/v1.0 | 8.0 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-3696 | Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection — N300RH | 7.3 | High | 2026-03-08 |
| CVE-2026-30861 | WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation — WeKnora | 10.0 | Critical | 2026-03-07 |
| CVE-2026-25070 | XikeStor SKS8310-8X PingTestSet Command Injection — XikeStor SKS8310-8X | 9.8 | - | 2026-03-07 |
| CVE-2026-29783 | GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution — copilot-cli | 8.0 | - | 2026-03-06 |
| CVE-2026-29058 | AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php — AVideo-Encoder | 9.8 | Critical | 2026-03-06 |
| CVE-2026-28507 | Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal — idno | 9.8 | - | 2026-03-06 |
| CVE-2026-28470 | OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes — OpenClaw | 9.8 | Critical | 2026-03-05 |
| CVE-2026-28463 | OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist — OpenClaw | 8.4 | High | 2026-03-05 |
| CVE-2026-28287 | FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints — security-reporting | 8.8 | - | 2026-03-05 |
| CVE-2026-28209 | FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration — security-reporting | 8.8 | - | 2026-03-05 |
| CVE-2026-20008 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua Code Injection Vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 6.0 | Medium | 2026-03-04 |
| CVE-2025-59783 | OS Command Injection over API — 2N Access Commander | 7.2 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-27441 | PDF Password CMDi — Secure Email Gateway | 9.8 (AI) | Critical (AI) | 2026-03-04 |
| CVE-2026-28774 | Authenticated OS Command Injection via Traceroute Utility leads to Root RCE — SFX Series SuperFlex SatelliteReceiver Web Management Interface | 8.8 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-28773 | Authenticated OS Command Injection via Ping Utility Leading to RCE as Root — SFX Series SuperFlex SatelliteReceiver Web Management Interface | 8.8 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-26279 | Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection — Froxlor | 9.1 | Critical | 2026-03-03 |
| CVE-2026-3485 | D-Link DIR-868L SSDP Service sub_1BF84 os command injection — DIR-868L | 9.8 | Critical | 2026-03-03 |
| CVE-2025-13686 | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment — DataStage on Cloud Pak for Data | 6.3 | Medium | 2026-03-03 |
| CVE-2025-13687 | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment — DataStage on Cloud Pak for Data | 6.3 | Medium | 2026-03-03 |
| CVE-2025-13688 | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment — DataStage on Cloud Pak for Data | 6.3 | Medium | 2026-03-03 |
| CVE-2026-0654 | Command injection on TP-Link Deco BE25 — Deco BE25 v1.0 | 8.0 (AI) | High (AI) | 2026-03-02 |
| CVE-2025-50197 | Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50196 | Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50195 | Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50194 | Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50193 | Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-30044 | RCE on uhcapache user permissions — CGM CLININET | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2026-28517 | openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter — openDCIM | 9.8 | - | 2026-02-27 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)) represent 2653 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.