CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2682

2682 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-58059	Valtimo scripting engine can be used to gain access to sensitive data or resources — valtimo-backend-libraries	9.1	Critical	2025-08-28
CVE-2018-25115	D-Link DIR-110/412/600/615/645/815 RCE via service.cgi — DIR-110	9.8^AI	Critical^AI	2025-08-27
CVE-2024-13985	Dahua EIMS capture_handle.action RCE — EIMS	9.8^AI	Critical^AI	2025-08-27
CVE-2025-34160	AnyShare ServiceAgent API Unauthenticated RCE — AnyShare	9.8^AI	Critical^AI	2025-08-27
CVE-2025-34161	Coolify Git Repository Field Command Injection in Project Deployment Workflow — Coolify	8.8^AI	High^AI	2025-08-27
CVE-2025-20292	Cisco NXOS Software Command Injection Vulnerability — Cisco NX-OS Software	4.4	Medium	2025-08-27
CVE-2025-20295	Cisco UCS Manager Software Command Injection Vulnerability — Cisco Unified Computing System (Managed)	6.0	Medium	2025-08-27
CVE-2025-20294	Cisco UCS Manager Software Command Injection Vulnerability — Cisco Unified Computing System (Managed)	6.5	Medium	2025-08-27
CVE-2025-9528	Linksys E1700 systemCommand os command injection — E1700	4.7	Medium	2025-08-27
CVE-2025-50989	OPNsense 安全漏洞 — OPNsense	9.1	Critical	2025-08-27
CVE-2025-9424	Ruijie WS7204-A branch_import.php os command injection — WS7204-A	4.7	Medium	2025-08-25
CVE-2025-9387	DCN DCME-720 Web Management Backend ip_block.php os command injection — DCME-720	6.3	Medium	2025-08-24
CVE-2025-57771	Roo-Code potential remote code execution via auto-execute command parsing flaw — Roo-Code	8.1	High	2025-08-22
CVE-2025-3128	Mitsubishi Electric Europe smartRTU OS Command Injection — smartRTU	9.8	Critical	2025-08-21
CVE-2025-9262	wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection — mcp-cli	5.6	Medium	2025-08-20
CVE-2025-9244	Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaticRoute os command injection — RE6250	6.3	Medium	2025-08-20
CVE-2025-6183	Configd Injection — sdm-cli	7.5^AI	High^AI	2025-08-20
CVE-2025-6181	StrongDM Client 安全漏洞 — sdm-cli	7.8^AI	High^AI	2025-08-20
CVE-2011-10026	Spreecommerce < 0.50.x API RCE — Spreecommerce	9.8^AI	Critical^AI	2025-08-20
CVE-2010-20059	FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution — FreeNAS	9.8^AI	Critical^AI	2025-08-20
CVE-2025-9176	neurobin shc Environment Variable shc.c make os command injection — shc	5.3	Medium	2025-08-19
CVE-2025-9174	neurobin shc Filename shc.c make os command injection — shc	5.3	Medium	2025-08-19
CVE-2025-55284	Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code — claude-code	9.4^AI	Critical^AI	2025-08-16
CVE-2025-9026	D-Link DIR-860L Simple Service Discovery Protocol cgibin ssdpcgi_main os command injection — DIR-860L	7.3	High	2025-08-15
CVE-2025-20220	Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞 — Cisco Firepower Management Center	6.0	Medium	2025-08-14
CVE-2011-10017	Snort Report nmap.php/nbtscan.php RCE — Snort Report	9.8^AI	Critical^AI	2025-08-13
CVE-2012-10059	Dolibarr ERP/CRM Post-Auth OS Command Injection — ERP/CRM	8.8^AI	High^AI	2025-08-13
CVE-2025-23294	NVIDIA WebDataset 操作系统命令注入漏洞 — NVIDIA WebDataset	7.8	High	2025-08-13
CVE-2025-54382	Cherry Studio RCE Vulnerability Disclosure — cherry-studio	9.7	Critical	2025-08-13
CVE-2025-54074	Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server — cherry-studio	8.8^AI	High^AI	2025-08-13

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2682 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2682