Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2659

2659 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-10622 Foreman: os command injection via ct_location and fcct_location parameters — Foreman 8.0 High2025-11-05
CVE-2025-64109 Cursor CLI Beta: Command Injection via Untrusted MCP Configuration — cursor 8.8 High2025-11-04
CVE-2025-64106 Cursor: Speedbump Modal Bypass in MCP Server Deep-Link — cursor 8.8 High2025-11-04
CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests 9.8 Critical2025-11-03
CVE-2025-54763 Century Systems FutureNet MA-X series 操作系统命令注入漏洞 — FutureNet MA-X series 7.2 High2025-10-31
CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard — XI 7.2AIHighAI2025-10-30
CVE-2025-34286 Nagios XI < 2026R1 RCE via Run Check Command in CCM — XI 7.2AIHighAI2025-10-30
CVE-2024-14003 Nagios XI < 2024R1.2 RCE via NRDP Server Plugins — XI 9.8AICriticalAI2025-10-30
CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI) — XI 7.2AIHighAI2025-10-30
CVE-2018-25122 Nagios XI < 5.4.13 Component Download Page RCE — XI 8.8AIHighAI2025-10-30
CVE-2024-14005 Nagios XI < 2024R1.2 Command Injection via Docker Wizard — XI 7.2AIHighAI2025-10-30
CVE-2020-36867 Nagios XI < 5.7.3 Command Injection in Report PDF Download — XI 8.8AIHighAI2025-10-30
CVE-2013-10073 Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection — XI 8.8AIHighAI2025-10-30
CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address — XI 7.2AIHighAI2025-10-30
CVE-2025-34284 Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin — XI 7.2AIHighAI2025-10-30
CVE-2025-34280 Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal Function — Network Analyzer 7.2AIHighAI2025-10-30
CVE-2025-43942 Dell Unity 操作系统命令注入漏洞 — Unity 7.8 High2025-10-30
CVE-2025-46422 Dell Unity 操作系统命令注入漏洞 — Unity 7.8 High2025-10-30
CVE-2025-46423 Dell Unity 操作系统命令注入漏洞 — Unity 7.8 High2025-10-30
CVE-2025-43939 Dell Unity 安全漏洞 — Unity 7.8 High2025-10-30
CVE-2025-43940 Dell Unity 操作系统命令注入漏洞 — Unity 7.8 High2025-10-30
CVE-2025-43941 Dell Unity 操作系统命令注入漏洞 — Unity 7.2 High2025-10-30
CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator" — Apache Airflow 8.8AIHighAI2025-10-30
CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow — neuvector 9.9 Critical2025-10-30
CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability — win-cli-mcp-server 9.8AICriticalAI2025-10-29
CVE-2018-25120 D-Link DNS-343 ShareCenter <= 1.05 Command Injection via /goform/Mail_Test — DNS-343 ShareCenter 9.8AICriticalAI2025-10-29
CVE-2025-62801 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name — fastmcp 9.8AICriticalAI2025-10-28
CVE-2025-34311 IPFire < v2.29 Command Injection via Proxy Report Creation — IPFire 8.8AIHighAI2025-10-28
CVE-2025-34312 IPFire < v2.29 Command Injection via URL Filter Blacklist — IPFire 8.8AIHighAI2025-10-28
CVE-2025-1038 Hitachi TropOS 4th Gen 操作系统命令注入漏洞 — TropOS 4th Gen 7.2AIHighAI2025-10-28

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2659 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.