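CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2659

2659 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.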

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64126 | Zenitel TCIV-3+ OS Command Injection — TCIV-3+ | 10.0 | Critical | 2025-11-26 |
| CVE-2025-62354 | Cursor security vulnerability — cursor | 9.8 | Critical | 2025-11-26 |
| CVE-2025-66261 | Unauthenticated OS Command Injection (restore_settings.php) — Mozart FM Transmitter | 9.8 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-66253 | Unauthenticated OS Command Injection (start_upgrade.php) — Mozart FM Transmitter | 8.8 (AI) | High (AI) | 2025-11-26 |
| CVE-2025-59370 | ASUS Router security vulnerability — Router | 8.8 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-12742 | Remote Code Execution in Looker via Teradata JDBC Driver — Looker | 8.8 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-64755 | @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes — claude-code | 6.2 | - | 2025-11-21 |
| CVE-2025-13087 | Command Injection in Opto22 Groov REST API — GRV-EPIC-PR1 | 6.2 | Medium | 2025-11-20 |
| CVE-2025-34335 | AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense.php — AudioCodes Fax/IVR Appliance | 8.8 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-34334 | AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE — AudioCodes Fax/IVR Appliance | 8.8 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-58034 | Fortinet FortiWeb security vulnerability — FortiWeb | 6.7 | High | 2025-11-18 |
| CVE-2025-8693 | Zyxel DX3300-T0 OS command injection vulnerability — DX3300-T0 firmware | 8.8 | High | 2025-11-18 |
| CVE-2025-34322 | Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries — Log Server | 8.8 (AI) | High (AI) | 2025-11-17 |
| CVE-2025-64756 | glob CLI: Command injection via -c/--cmd executes matches with shell:true — node-glob | 7.5 | High | 2025-11-17 |
| CVE-2025-55055 | Maxum Rumpus FTP Server OS command injection vulnerability — FTP Server | 6.8 | Medium | 2025-11-17 |
| CVE-2025-13284 | ThinPLUS\|ThinPLUS - OS Command Injection — ThinPLUS | 9.8 | Critical | 2025-11-17 |
| CVE-2021-4466 | IPCop <= 2.1.9 Authenticated RCE — IPCop | 8.8 | - | 2025-11-14 |
| CVE-2021-4470 | TG8 Firewall Unauthenticated RCE via runphpcmd.php — TG8 Firewall | 9.8 | - | 2025-11-14 |
| CVE-2025-64444 | Sony NCP-HG100 OS command injection vulnerability — NCP-HG100/Cellular model | 8.8 | - | 2025-11-14 |
| CVE-2025-20349 | Cisco DNA Center API Command Injection Vulnerability — Cisco Digital Network Architecture Center (DNA Center) | 6.3 | Medium | 2025-11-13 |
| CVE-2025-42892 | OS Command Injection vulnerability in SAP Business Connector — SAP Business Connector | 6.8 | Medium | 2025-11-11 |
| CVE-2025-10230 | Samba: command injection in wins server hook script | 10.0 | Critical | 2025-11-07 |
| CVE-2025-64328 | FreePBX Administration GUI is Vulnerable to Authenticated Command Injection — filestore | 8.3 | - | 2025-11-07 |
| CVE-2025-11546 | NEC EXPRESSCLUSTER X and NEC EXPRESSCLUSTER X SingleServerSafe security vulnerability — CLUSTERPRO X for Linux (EXPRESSCLUSTER X for Linux) | 6.5 | - | 2025-11-07 |
| CVE-2025-12489 | evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability — evernote-mcp-server | 7.8 | - | 2025-11-06 |
| CVE-2022-50596 | D-Link DIR-1260 <= v1.20B05 GetDeviceSettings Unauthenticated Command Injection — DIR-1260 | 9.8 | - | 2025-11-06 |
| CVE-2025-34239 | Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction() — WebAccess/VPN | 7.2 | - | 2025-11-06 |
| CVE-2025-45379 | Dell CloudLink OS command injection vulnerability — CloudLink | 8.4 | High | 2025-11-05 |
| CVE-2025-30479 | Dell CloudLink OS command injection vulnerability — CloudLink | 8.4 | High | 2025-11-05 |
| CVE-2025-45378 | Dell CloudLink OS command injection vulnerability — CloudLink | 9.1 | Critical | 2025-11-05 |

2659 CVEs are classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.