CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2669

2669 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-3128	Mitsubishi Electric Europe smartRTU OS Command Injection — smartRTU	9.8	Critical	2025-08-21
CVE-2025-9262	wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection — mcp-cli	5.6	Medium	2025-08-20
CVE-2025-9244	Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaticRoute os command injection — RE6250	6.3	Medium	2025-08-20
CVE-2025-6183	Configd Injection — sdm-cli	7.5^AI	High^AI	2025-08-20
CVE-2025-6181	StrongDM Client 安全漏洞 — sdm-cli	7.8^AI	High^AI	2025-08-20
CVE-2011-10026	Spreecommerce < 0.50.x API RCE — Spreecommerce	9.8^AI	Critical^AI	2025-08-20
CVE-2010-20059	FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution — FreeNAS	9.8^AI	Critical^AI	2025-08-20
CVE-2025-9176	neurobin shc Environment Variable shc.c make os command injection — shc	5.3	Medium	2025-08-19
CVE-2025-9174	neurobin shc Filename shc.c make os command injection — shc	5.3	Medium	2025-08-19
CVE-2025-55284	Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code — claude-code	9.4^AI	Critical^AI	2025-08-16
CVE-2025-9026	D-Link DIR-860L Simple Service Discovery Protocol cgibin ssdpcgi_main os command injection — DIR-860L	7.3	High	2025-08-15
CVE-2025-20220	Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞 — Cisco Firepower Management Center	6.0	Medium	2025-08-14
CVE-2011-10017	Snort Report nmap.php/nbtscan.php RCE — Snort Report	9.8^AI	Critical^AI	2025-08-13
CVE-2012-10059	Dolibarr ERP/CRM Post-Auth OS Command Injection — ERP/CRM	8.8^AI	High^AI	2025-08-13
CVE-2025-23294	NVIDIA WebDataset 操作系统命令注入漏洞 — NVIDIA WebDataset	7.8	High	2025-08-13
CVE-2025-54382	Cherry Studio RCE Vulnerability Disclosure — cherry-studio	9.7	Critical	2025-08-13
CVE-2025-54074	Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server — cherry-studio	8.8^AI	High^AI	2025-08-13
CVE-2025-47857	Fortinet FortiWeb CLI 操作系统命令注入漏洞 — FortiWeb	6.5	Medium	2025-08-12
CVE-2025-27759	Fortinet FortiWeb 操作系统命令注入漏洞 — FortiWeb	6.7	Medium	2025-08-12
CVE-2025-49813	Fortinet FortiADC 操作系统命令注入漏洞 — FortiADC	6.6	High	2025-08-12
CVE-2025-25256	Fortinet FortiSIEM 操作系统命令注入漏洞 — FortiSIEM	9.8	Critical	2025-08-12
CVE-2012-10040	Openfiler v2.x NetworkCard Command Execution — Openfiler	8.8^AI	High^AI	2025-08-11
CVE-2012-10039	ZEN Load Balancer Filelog Command Execution — ZEN Load Balancer	8.8^AI	High^AI	2025-08-11
CVE-2012-10037	PhpTax pfilez Parameter Exec Remote Code Injection — PhpTax	9.8^AI	Critical^AI	2025-08-11
CVE-2025-8830	Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan sub_3517C os command injection — RE6250	6.3	Medium	2025-08-11
CVE-2025-8829	Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection — RE6250	6.3	Medium	2025-08-11
CVE-2025-8828	Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection — RE6250	6.3	Medium	2025-08-11
CVE-2025-8827	Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_inspect_cross_band os command injection — RE6250	6.3	Medium	2025-08-11
CVE-2025-8825	Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto os command injection — RE6250	6.3	Medium	2025-08-11
CVE-2025-8823	Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection — RE6250	6.3	Medium	2025-08-11

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2669 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2669