CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2653

2653 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-26323	OpenClaw has a command injection in maintainer clawtributors updater — openclaw	8.8	-	2026-02-19
CVE-2026-27476	RustFly 2.0.0 Command Injection via UDP Remote Control — RustFly	9.8	Critical	2026-02-19
CVE-2026-26318	systeminformation has Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation	8.8	High	2026-02-19
CVE-2026-26280	Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path — systeminformation	8.4	High	2026-02-19
CVE-2026-26189	Trivy Action has a script injection via sourced env file in composite action — trivy-action	5.9	Medium	2026-02-19
CVE-2025-15559	Unauthenticated OS Command Injection in NesterSoft WorkTime — WorkTime (on-prem/cloud)	9.8^AI	Critical^AI	2026-02-19
CVE-2026-2686	SECCN Dingcheng G10 session_login.cgi qq os command injection — G10	9.8	Critical	2026-02-19
CVE-2026-27175	MajorDoMo Command Injection in rc/index.php via Race Condition — MajorDoMo	9.8	Critical	2026-02-18
CVE-2026-2670	Advantech WISE-6610 Background Management openvpn_apply os command injection — WISE-6610	7.2	High	2026-02-18
CVE-2025-12122	Popup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting — Popup Box – Easily Create WordPress Popups	6.4	Medium	2026-02-18
CVE-2026-2629	jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection — node-sonos-http-api	7.3	High	2026-02-17
CVE-2026-2630	[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 — Security Center	8.8	High	2026-02-17
CVE-2026-2560	kalcaddle kodbox Media File Preview Plugin VideoResize.class.php run os command injection — kodbox	6.3	Medium	2026-02-16
CVE-2026-2544	yued-fe LuLu UI run.js child_process.exec os command injection — LuLu UI	7.3	High	2026-02-16
CVE-2026-25108	Soliton Systems Kk FileZen 安全漏洞 — FileZen	8.8^AI	High^AI	2026-02-13
CVE-2026-25933	Arduino App Lab has Improper Data Validation in Internal Terminal Interface — arduino-app-lab	6.9	Medium	2026-02-12
CVE-2026-26029	sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec — sf-mcp-server	7.5	High	2026-02-11
CVE-2024-56808	Media Streaming add-on — Media Streaming add-on	8.0^AI	High^AI	2026-02-11
CVE-2026-26009	Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution — catalyst	10.0	Critical	2026-02-10
CVE-2026-0652	Remote Code Execution on TP-Link Tapo C260 by Guest User — Tapo C260 v1	8.8^AI	High^AI	2026-02-10
CVE-2025-11142	AXIS OS 安全漏洞 — AXIS OS	7.1	High	2026-02-10
CVE-2026-2260	D-Link DCS-931L setSysAdmin os command injection — DCS-931L	7.2	High	2026-02-10
CVE-2026-2210	D-Link DIR-823X set_filtering sub_4211C8 os command injection — DIR-823X	7.2	High	2026-02-09
CVE-2026-2188	UTT 进取 521G formPdbUpConfig sub_446B18 os command injection — 进取 521G	7.2	High	2026-02-08
CVE-2026-2184	Great Developers Certificate Generation System csv.php os command injection — Certificate Generation System	7.3	High	2026-02-08
CVE-2026-2175	D-Link DIR-823X set_upnp sub_420618 os command injection — DIR-823X	7.2	High	2026-02-08
CVE-2026-2167	Totolink WA300 cstecgi.cgi setAPNetwork os command injection — WA300	6.3	Medium	2026-02-08
CVE-2026-2157	D-Link DIR-823X set_static_route_table sub_4175CC os command injection — DIR-823X	7.2	High	2026-02-08
CVE-2026-2155	D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection — DIR-823X	7.2	High	2026-02-08
CVE-2026-2152	D-Link DIR-615 Web Configuration adv_routing.php os command injection — DIR-615	7.2	High	2026-02-08

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2653 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2653