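CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)) — Vulnerability Class 2653

2653 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)). AI Chinese analysis included.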

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-35518 | Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection — FTL | 8.8 | High | 2026-04-07 |
| CVE-2026-35517 | Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection — FTL | 8.8 | High | 2026-04-07 |
| CVE-2026-35463 | pyLoad has Improper Neutralization of Special Elements used in an OS Command — pyload | 8.8 | High | 2026-04-07 |
| CVE-2021-4473 | Tianxin Internet Behavior Management System Command Injection via toQuery.php — Tianxin Internet Behavior Management System | 9.8 | Critical | 2026-04-07 |
| CVE-2026-5692 | Totolink A7100RU cstecgi.cgi setGameSpeedCfg os command injection — A7100RU | 7.3 | High | 2026-04-06 |
| CVE-2026-5691 | Totolink A7100RU cstecgi.cgi setFirewallType os command injection — A7100RU | 7.3 | High | 2026-04-06 |
| CVE-2026-5690 | Totolink A7100RU cstecgi.cgi setRemoteCfg os command injection — A7100RU | 7.3 | High | 2026-04-06 |
| CVE-2026-5689 | Totolink A7100RU cstecgi.cgi setNtpCfg os command injection — A7100RU | 7.3 | High | 2026-04-06 |
| CVE-2026-5688 | Totolink A7100RU cstecgi.cgi setDdnsCfg os command injection — A7100RU | 7.3 | High | 2026-04-06 |
| CVE-2026-5709 | AWS Research and Engineering Studio (RES) FileBrowser Command Injection — Research and Engineering Studio (RES) | 8.8 | High | 2026-04-06 |
| CVE-2026-5707 | Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES) — Research and Engineering Studio (RES) | 8.8 | High | 2026-04-06 |
| CVE-2026-5679 | Totolink A3300R cstecgi.cgi vsetTr069Cfg os command injection — A3300R | 5.5 | Medium | 2026-04-06 |
| CVE-2026-35022 | Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper — Claude Code | 9.8 | Critical | 2026-04-06 |
| CVE-2026-35021 | Anthropic Claude Code & Agent SDK OS Command Injection via promptEditor.ts — Claude Code | 7.8 | High | 2026-04-06 |
| CVE-2026-35020 | Anthropic Claude Code & Agent SDK OS Command Injection via TERMINAL Environment Variable — Claude Code | 8.4 | High | 2026-04-06 |
| CVE-2026-5678 | Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection — A7100RU | 7.3 | High | 2026-04-06 |
| CVE-2026-5677 | Totolink A7100RU cstecgi.cgi CsteSystem os command injection — A7100RU | 7.3 | High | 2026-04-06 |
| CVE-2026-35043 | BentoML: command injection in cloud deployment setup script (deployment.py) — BentoML | 7.8 | High | 2026-04-06 |
| CVE-2026-34977 | Aperi'Solve Affected by Unauthenticated RCE via JPSeek Analyzer Command — AperiSolve | 9.8 (AI) | Critical (AI) | 2026-04-06 |
| CVE-2026-34940 | KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods — kubeai | 8.7 | High | 2026-04-06 |
| CVE-2026-34982 | Vim modeline bypass via various options affects Vim < 9.2.0276 — vim | 8.2 | High | 2026-04-06 |
| CVE-2026-5663 | OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection — DCMTK | 7.3 | High | 2026-04-06 |
| CVE-2026-5621 | ChrisChinchilla Vale-MCP HTTP index.ts os command injection — Vale-MCP | 5.3 | Medium | 2026-04-06 |
| CVE-2026-5619 | Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection — mcp-summarization-functions | 5.3 | Medium | 2026-04-06 |
| CVE-2026-5603 | elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection — magento2-dev-mcp | 5.3 | Medium | 2026-04-05 |
| CVE-2026-5602 | Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection — heim-mcp | 5.3 | Medium | 2026-04-05 |
| CVE-2026-5547 | Tenda AC10 httpd formAddMacfilterRule os command injection — AC10 | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5532 | ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection — scrapegraph-ai | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5528 | MoussaabBadla code-screenshot-mcp HTTP os command injection — code-screenshot-mcp | 6.3 | Medium | 2026-04-04 |
| CVE-2026-34779 | Electron: AppleScript injection in app.moveToApplicationsFolder on macOS — electron | 6.5 | Medium | 2026-04-04 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)) represent 2653 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.