CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2659

2659 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-46645	Dell PowerProtect Data Domain 操作系统命令注入漏洞 — PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release	6.5	Medium	2026-01-09
CVE-2025-46644	Dell PowerProtect Data Domain 操作系统命令注入漏洞 — PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release	6.0	Medium	2026-01-09
CVE-2025-66052	Command injection in Vivotek IP7137 cameras — IP7137	7.2	-	2026-01-09
CVE-2026-22035	Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin — greenshot	7.8	High	2026-01-08
CVE-2019-25289	INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution — SmartLiving SmartLAN/G/SI	8.8	High	2026-01-07
CVE-2017-20216	FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Unauthenticated Remote Command Injection — FLIR Thermal Camera PT-Series	9.8	Critical	2026-01-07
CVE-2017-20215	FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 Authenticated OS Command Injection — FLIR Thermal Camera FC-S/PT	8.8	High	2026-01-07
CVE-2025-69262	pnpm vulnerable to Command Injection via environment variable substitution — pnpm	7.6	High	2026-01-07
CVE-2025-6225	Command injection in Kieback&Peter Neutrino-GLT — Neutrino-GLT	9.8	-	2026-01-07
CVE-2025-15472	TRENDnet TEW-811DRU httpd uapply.cgi setDeviceURL os command injection — TEW-811DRU	7.2	High	2026-01-06
CVE-2025-15471	TRENDnet TEW-713RE formFSrvX os command injection — TEW-713RE	9.8	Critical	2026-01-06
CVE-2020-36910	Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter — SMP-8000QD	8.8	High	2026-01-06
CVE-2025-59157	Coolify has Git Repository RCE — coolify	10.0	Critical	2026-01-05
CVE-2025-59156	Coolify has Docker Compose Injection issue — coolify	9.9	-	2026-01-05
CVE-2025-5965	RCE via the backup feature available only to user with high privilege — Infra Monitoring	7.2	High	2026-01-05
CVE-2025-64124	Nuvation Energy Multi-Stack Controller OS Command Injection — Multi-Stack Controller (MSC)	7.2	-	2026-01-03
CVE-2025-64120	Nuvation Energy Multi-Stack Controller OS Command Injection — Multi-Stack Controller (MSC)	8.8	-	2026-01-02
CVE-2025-66398	Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE) — signalk-server	9.7	Critical	2026-01-01
CVE-2025-68700	RAGFlow Remote Code Execution Vulnerability — ragflow	9.9	-	2025-12-31
CVE-2015-10145	Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh — Gargoyle Router Management Utility	8.8	-	2025-12-31
CVE-2021-47745	Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection via Firmware Upgrade — 200	8.8	High	2025-12-31
CVE-2021-47747	meterN 1.2.3 Authenticated Remote Code Execution via Admin Scripts — meterN	8.8	High	2025-12-31
CVE-2025-15389	QNO Technology｜VPN Firewall - OS Command Injection — VPN Firewall	8.8	High	2025-12-31
CVE-2025-15388	QNO Technology｜VPN Firewall - OS Command Injection — VPN Firewall	8.8	High	2025-12-31
CVE-2024-58338	Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command — Flamingo XL	10.0	Critical	2025-12-30
CVE-2022-50794	SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username — Impact/Pulse/First	9.8	Critical	2025-12-30
CVE-2022-50795	SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via traceroute.php — Impact/Pulse/First	7.8	High	2025-12-30
CVE-2022-50793	SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php — Impact/Pulse/First	8.8	High	2025-12-30
CVE-2022-50789	SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via dns.php — Impact/Pulse/First	7.8	High	2025-12-30
CVE-2022-50791	SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via ping.php — Impact/Pulse/First	7.8	High	2025-12-30

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2659 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2659