CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2682

2682 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-9588	OS Command Injection in Iron Mountain's enVision — enVision	10.0	Critical	2025-09-23
CVE-2025-9494	Viessmann Vitogate 300 OS Command Injection — Vitogate 300	8.8^AI	High^AI	2025-09-23
CVE-2025-10775	Wavlink WL-NU516U1 login.cgi sub_4012A0 os command injection — WL-NU516U1	4.7	Medium	2025-09-22
CVE-2025-10774	Ruijie 6000-E10 sub_commit.php os command injection — 6000-E10	4.7	Medium	2025-09-22
CVE-2025-10767	CosmodiumCS OnlyRAT Configuration File main.py remote_download os command injection — OnlyRAT	4.5	Medium	2025-09-21
CVE-2025-10568	HyperX NGENUITY - Arbitrary Code Execution — HyperX NGENUITY	8.8	-	2025-09-19
CVE-2025-48703	Control Web Panel 操作系统命令注入漏洞 — CentOS Web Panel	9.0	Critical	2025-09-19
CVE-2025-36143	IBM watsonx.data command execution — watsonx.data	4.7	Medium	2025-09-18
CVE-2025-23316	NVIDIA Triton Inference Server 操作系统命令注入漏洞 — Triton Inference Server	9.8	Critical	2025-09-17
CVE-2025-10619	sequa-ai sequa-mcp OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection — sequa-mcp	6.3	Medium	2025-09-17
CVE-2025-9972	Planet Technology｜Industrial Cellular Gateway - OS Command Injection — ICG-2510WG-LTE (EU/US)	9.8	Critical	2025-09-17
CVE-2025-10589	N-Partner｜N-Reporter, N-Cloud, N-Probe - OS Command Injection — N-Reporter	8.8	High	2025-09-17
CVE-2025-58116	I-O DATA WN-7D36QR 操作系统命令注入漏洞 — WN-7D36QR	7.2	High	2025-09-17
CVE-2025-59518	LemonLDAP::NG 操作系统命令注入漏洞 — LemonLDAP::NG	8.0	High	2025-09-17
CVE-2025-34184	Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection — EVE X1 Server	9.8^AI	Critical^AI	2025-09-16
CVE-2025-55211	FreePBX Post-Authenticated Command Injection — framework	7.2^AI	High^AI	2025-09-15
CVE-2025-59361	OS command injection in Chaos Mesh via the cleanIptables mutation	9.8	Critical	2025-09-15
CVE-2025-59360	OS command injection in Chaos Mesh via the killProcesses mutation	9.8	Critical	2025-09-15
CVE-2025-59359	OS command injection in Chaos Mesh via the cleanTcs mutation	9.8	Critical	2025-09-15
CVE-2025-10442	Tenda AC9/AC15 exeCommand formexeCommand os command injection — AC9	6.3	Medium	2025-09-15
CVE-2025-10441	D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection — DI-8100G	6.3	Medium	2025-09-15
CVE-2025-10440	D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection — DI-8100	6.3	Medium	2025-09-15
CVE-2025-59377	mcp-kubernetes-server 安全漏洞 — mcp-kubernetes-server	3.7	Low	2025-09-15
CVE-2025-10359	Wavlink WL-WN578W2 wireless.cgi sub_404DBC os command injection — WL-WN578W2	7.3	High	2025-09-13
CVE-2025-10358	Wavlink WL-WN578W2 wireless.cgi sub_404850 os command injection — WL-WN578W2	7.3	High	2025-09-13
CVE-2025-10328	MiczFlor RPi-Jukebox-RFID playsinglefile.php os command injection — RPi-Jukebox-RFID	6.3	Medium	2025-09-12
CVE-2025-10327	MiczFlor RPi-Jukebox-RFID shuffle.php os command injection — RPi-Jukebox-RFID	6.3	Medium	2025-09-12
CVE-2025-10326	MiczFlor RPi-Jukebox-RFID single.php os command injection — RPi-Jukebox-RFID	6.3	Medium	2025-09-12
CVE-2025-27234	Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0. — Zabbix	9.8	-	2025-09-12
CVE-2025-10265	Digiever｜NVR - OS Command Injection — DS-1200	8.8	High	2025-09-12

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2682 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2682