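CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2653

2653 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.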

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4611 | TOTOLINK X6000R shttpd setLanCfg privilege escalation — X6000R | 7.2 | High | 2026-03-23 |
| CVE-2026-23882 | Blinko: Admin RCE - MCP Server Command Injection — blinko | 8.8 | - | 2026-03-23 |
| CVE-2026-33648 | AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path — AVideo | 8.8 | High | 2026-03-23 |
| CVE-2025-15519 | Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600 — Archer NX600 v3.0 | 6.7 | - | 2026-03-23 |
| CVE-2025-15518 | Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600 — Archer NX600 v3.0 | 6.7 | - | 2026-03-23 |
| CVE-2026-4591 | kalcaddle kodbox fileThumb Endpoint app.php checkBin os command injection — kodbox | 4.7 | Medium | 2026-03-23 |
| CVE-2026-33482 | AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand() — AVideo | 8.1 | High | 2026-03-23 |
| CVE-2026-33478 | AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection — AVideo | 10.0 | Critical | 2026-03-23 |
| CVE-2026-32968 | Unauthenticated RCE in com_mb24sysapi — MB connect line mbCONNECT24 | 9.8 | Critical | 2026-03-23 |
| CVE-2026-4585 | Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command injection — Easy7 Integrated Management Platform | 9.8 | Critical | 2026-03-23 |
| CVE-2026-4558 | Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection — MR9600 | 8.8 | High | 2026-03-22 |
| CVE-2026-33319 | AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command — AVideo | 5.9 | Medium | 2026-03-22 |
| CVE-2026-32056 | OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run — OpenClaw | 7.5 | High | 2026-03-21 |
| CVE-2026-4499 | D-Link DIR-820LW SSDP ssdpcgi_main os command injection — DIR-820LW | 7.3 | High | 2026-03-20 |
| CVE-2026-4497 | Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection — WA300 | 7.3 | High | 2026-03-20 |
| CVE-2026-4496 | sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection — Git-MCP-Server | 5.3 | Medium | 2026-03-20 |
| CVE-2026-22897 | QuNetSwitch — QuNetSwitch | 9.8 | - | 2026-03-20 |
| CVE-2026-22901 | QuNetSwitch — QuNetSwitch | 9.8 | - | 2026-03-20 |
| CVE-2026-22902 | QuNetSwitch — QuNetSwitch | 7.8 | - | 2026-03-20 |
| CVE-2026-4465 | D-Link DIR-513 formSysCmd os command injection — DIR-513 | 6.3 | Medium | 2026-03-20 |
| CVE-2026-32034 | OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP — OpenClaw | 8.1 | High | 2026-03-19 |
| CVE-2026-32010 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter — OpenClaw | 6.3 | Medium | 2026-03-19 |
| CVE-2026-32003 | OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run — OpenClaw | 6.6 | Medium | 2026-03-19 |
| CVE-2026-32191 | Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing Images | 9.8 | Critical | 2026-03-19 |
| CVE-2026-32238 | OpenEMR has Remote Code Execution in backup functionality — openemr | 9.1 | Critical | 2026-03-19 |
| CVE-2026-32000 | OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-31999 | OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback — OpenClaw | 6.3 | Medium | 2026-03-19 |
| CVE-2026-31996 | OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags — OpenClaw | 4.4 | Medium | 2026-03-19 |
| CVE-2026-31995 | OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension — OpenClaw | 5.3 | Medium | 2026-03-19 |
| CVE-2026-31994 | OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation — OpenClaw | 7.1 | High | 2026-03-19 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2653 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.