
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2653

2653 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-29607 | OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence — OpenClaw | 6.8 | Medium | 2026-03-19 |
| CVE-2026-28460 | OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-27566 | OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-22176 | OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation — OpenClaw | 6.1 | Medium | 2026-03-19 |
| CVE-2026-32608 | Glances has a Command Injection via Process Names in Action Command Templates — glances | 7.0 | High | 2026-03-18 |
| CVE-2026-22179 | OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run — OpenClaw | 7.2 | High | 2026-03-18 |
| CVE-2026-22169 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins — OpenClaw | 6.7 | Medium | 2026-03-18 |
| CVE-2026-28673 | xiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation) — xiaoheiFS | 7.2 | High | 2026-03-18 |
| CVE-2026-32298 | Angeet ES3 KVM OS command injection — ES3 KVM | 9.1 | Critical | 2026-03-17 |
| CVE-2026-23759 | Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps' — IOLAN STS | 7.2 | High | 2026-03-17 |
| CVE-2026-4253 | Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection — AC8 | 4.7 | Medium | 2026-03-16 |
| CVE-2026-31386 | LiteSpeed Web Server Enterprise and LiteSpeed OpenLiteSpeed OS Command Injection Vulnerability — OpenLiteSpeed | 7.2 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-4170 | Topsec TopACM HTTP Request nmc_sync.php os command injection — TopACM | 9.8 | Critical | 2026-03-15 |
| CVE-2026-3227 | Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N — TL-WR802N v4 | 8.8 (AI) | High (AI) | 2026-03-13 |
| CVE-2025-15060 | claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability — claude-hovercraft | 9.8 (AI) | Critical (AI) | 2026-03-13 |
| CVE-2026-32260 | Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix) — deno | 8.1 | High | 2026-03-12 |
| CVE-2026-3841 | Command Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400 — TL-MR6400 v5.3 | 7.2 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-28384 | Authenticated RCE via unsanitized compression_algorithm — lxd | 8.8 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-3964 | OpenAkita Chat API Endpoint shell.py run os command injection — OpenAkita | 5.3 | Medium | 2026-03-11 |
| CVE-2026-3959 | 0xKoda WireMCP Tshark CLI index.js server.tool os command injection — WireMCP | 5.3 | Medium | 2026-03-11 |
| CVE-2026-31975 | Cloud CLI WebSocket shell injection — claudecodeui | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31862 | Cloud CLI has Command Injection via Multiple Parameters — claudecodeui | 9.1 | Critical | 2026-03-11 |
| CVE-2026-31854 | Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass — cursor | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-20040 | Cisco IOS XR Software CLI Privilege Escalation Vulnerability — Cisco IOS XR Software | 8.8 | High | 2026-03-11 |
| CVE-2024-14026 | QTS, QuTS hero — QTS | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-28292 | simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCE — simple-git | 9.8 | Critical | 2026-03-10 |
| CVE-2025-66178 | Fortinet FortiWeb OS Command Injection Vulnerability — FortiWeb | 6.7 | High | 2026-03-10 |
| CVE-2026-25836 | Fortinet FortiSandbox Cloud OS Command Injection Vulnerability — FortiSandbox Cloud | 6.7 | High | 2026-03-10 |
| CVE-2025-41709 | Command injection in power analyzer via Modbus-TCP and Modbus-RTU — UMG 96RM-E 24V(5222063) | 9.8 | Critical | 2026-03-10 |
| CVE-2026-26982 | Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations — ghostty | 6.3 | Medium | 2026-03-09 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) account for 2653 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.