CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2682

2682 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-65199	Windscribe for Linux 'changeMTU' local privilege escalation — Windscribe for Linux Desktop App	7.8	High	2025-12-10
CVE-2021-47728	Selea Targa IP Camera Remote Code Execution via Utils — Selea Targa IP OCR-ANPR Camera	9.8^AI	Critical^AI	2025-12-09
CVE-2025-53679	Fortinet FortiSandbox 操作系统命令注入漏洞 — FortiSandbox	6.9	High	2025-12-09
CVE-2025-53949	Fortinet FortiSandbox 操作系统命令注入漏洞 — FortiSandbox	7.0	High	2025-12-09
CVE-2025-64153	Fortinet FortiExtender 操作系统命令注入漏洞 — FortiExtender	6.7	High	2025-12-09
CVE-2025-14204	TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection — cherry-studio-TykoFork	6.3	Medium	2025-12-07
CVE-2020-36877	ReQuest Serious Play F3 Media Server <= 7.0.3 code execution — ReQuest Serious Play Pro	9.8	-	2025-12-05
CVE-2025-14094	Edimax BR-6478AC V3 formSysCmd sub_44CCE4 os command injection — BR-6478AC V3	4.7	Medium	2025-12-05
CVE-2025-14093	Edimax BR-6478AC V3 formTracerouteDiagnosticRun sub_416990 os command injection — BR-6478AC V3	4.7	Medium	2025-12-05
CVE-2025-14092	Edimax BR-6478AC V3 formDebugDiagnosticRun sub_416898 os command injection — BR-6478AC V3	4.7	Medium	2025-12-05
CVE-2025-66644	Array Networks ArrayOS AG 操作系统命令注入漏洞 — ArrayOS AG	7.2	High	2025-12-05
CVE-2025-66576	Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE) — Remote Keyboard Desktop	9.8^AI	Critical^AI	2025-12-04
CVE-2025-66572	Loaded Commerce 6.6 Client-Side Template Injection(CSTI) — Loaded Commerce	9.8^AI	Critical^AI	2025-12-04
CVE-2024-58278	IndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code Execution — perl2exe	7.8^AI	High^AI	2025-12-04
CVE-2025-66208	Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy — online	8.8^AI	High^AI	2025-12-03
CVE-2025-34319	TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE — N300RT	9.8^AI	Critical^AI	2025-12-03
CVE-2025-12744	Abrt: command-injection in abrt leading to local privilege escalation	8.8	High	2025-12-03
CVE-2025-11787	Command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50 — Circutor	9.8^AI	Critical^AI	2025-12-02
CVE-2025-66401	MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL — mcp-watch	9.8	Critical	2025-12-01
CVE-2025-35028	HexStrike AI MCP Server Command Injection — HexStrike AI	9.1	Critical	2025-11-30
CVE-2025-8890	Authenticated RCE in SDMC NE6037 router — NE6037	7.2	-	2025-11-27
CVE-2025-64128	Zenitel TCIV-3+ OS Command Injection — TCIV-3+	10.0	Critical	2025-11-26
CVE-2025-64127	Zenitel TCIV-3+ OS Command Injection — TCIV-3+	10.0	Critical	2025-11-26
CVE-2025-64126	Zenitel TCIV-3+ OS Command Injection — TCIV-3+	10.0	Critical	2025-11-26
CVE-2025-62354	Cursor 安全漏洞 — cursor	9.8	Critical	2025-11-26
CVE-2025-66261	Unauthenticated OS Command Injection (restore_settings.php) — Mozart FM Transmitter	9.8^AI	Critical^AI	2025-11-26
CVE-2025-66253	Unauthenticated OS Command Injection (start_upgrade.php) — Mozart FM Transmitter	8.8^AI	High^AI	2025-11-26
CVE-2025-59370	ASUS Router 安全漏洞 — Router	8.8^AI	High^AI	2025-11-25
CVE-2025-12742	Remote Code Execution in Looker via Teradata JDBC Driver — Looker	8.8^AI	High^AI	2025-11-25
CVE-2025-64755	@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes — claude-code	6.2	-	2025-11-21

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2682 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2682