
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2682

2682 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-43876 | iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings — iSTAR Ultra, iSTAR Ultra SE | 9.8 (AI) | Critical (AI) | 2025-12-24 |
| CVE-2025-43875 | iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo — iSTAR Ultra, iSTAR Ultra SE | 8.8 (AI) | High (AI) | 2025-12-24 |
| CVE-2025-66213 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path — coolify | 9.9 (AI) | Critical (AI) | 2025-12-23 |
| CVE-2025-66212 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename — coolify | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-66211 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename — coolify | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-66210 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import — coolify | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13700 | DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability — DreamFactory | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-66209 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup — coolify | 10.0 | Critical | 2025-12-23 |
| CVE-2025-14500 | IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability — IceWarp | 9.8 (AI) | Critical (AI) | 2025-12-23 |
| CVE-2023-53963 | SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Remote Command Injection — Impact/Pulse/First | 9.8 | Critical | 2025-12-22 |
| CVE-2023-53981 | PhotoShow 3.0 Remote Code Execution via Exiftran Path Injection — PhotoShow | 7.2 | High | 2025-12-22 |
| CVE-2023-53948 | Lilac-Reloaded for Nagios 2.0.8 Remote Code Execution via Autodiscovery — Lilac-Reloaded | 9.8 | Critical | 2025-12-19 |
| CVE-2023-53945 | BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation — BrainyCP | 8.8 | High | 2025-12-19 |
| CVE-2025-11774 | Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64 — GENESIS64 | 8.2 | High | 2025-12-19 |
| CVE-2023-53941 | EasyPHP Webserver 14.1 Remote Code Execution — EasyPHP Webserver | 9.8 | Critical | 2025-12-18 |
| CVE-2025-14737 | Command Injection Vulnerability in TP-Link WA850RE — WA850RE | 8.0 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-65008 | OS Command Injection in WODESYS WD-R608U router — WD-R608U | 8.8 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-68459 | Ruijie AP180 series OS Command Injection Vulnerability — AP180-PE V3.xx | 7.2 | High | 2025-12-18 |
| CVE-2025-68109 | ChurchCRM vulnerable to RCE with database restore functionality — CRM | 9.1 | Critical | 2025-12-17 |
| CVE-2025-43873 | iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce — iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 | 9.8 (AI) | Critical (AI) | 2025-12-17 |
| CVE-2025-68154 | Command Injection in fsSize() on Windows — systeminformation | 8.1 | High | 2025-12-16 |
| CVE-2023-53872 | Wp2Fac 1.0 OS Command Injection via send.php Endpoint — Wp2Fac | 9.8 (AI) | Critical (AI) | 2025-12-15 |
| CVE-2025-14586 | TOTOLINK X5000R cstecgi.cgi snprintf os command injection — X5000R | 6.3 | Medium | 2025-12-13 |
| CVE-2024-58314 | Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI — 100M IP Phones | 8.8 | High | 2025-12-12 |
| CVE-2024-14010 | Typora 1.7.4 OS Command Injection via Export PDF Preferences — Typora | 9.8 | Critical | 2025-12-12 |
| CVE-2024-58294 | FreePBX 16 Authenticated Remote Code Execution via API Module — FreePBX | 8.8 (AI) | High (AI) | 2025-12-11 |
| CVE-2024-58287 | reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration — reNgine | 8.8 (AI) | High (AI) | 2025-12-11 |
| CVE-2024-58286 | dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path — dizqueTV | 9.8 (AI) | Critical (AI) | 2025-12-11 |
| CVE-2025-13481 | IBM Aspera Orchestrator Command Injection — Aspera Orchestrator | 8.8 | High | 2025-12-11 |
| CVE-2025-67738 | Webmin OS Command Injection Vulnerability — Webmin | 8.5 | High | 2025-12-11 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2682 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.