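CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2682

2682 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.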

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-54430 | dedupe is vulnerable to secret exfiltration via `issue_comment` — dedupe | 9.1 | Critical | 2025-07-30 |
| CVE-2025-54418 | CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability — CodeIgniter4 | 9.8 | Critical | 2025-07-28 |
| CVE-2025-53695 | Johnson Controls iSTAR Ultra security vulnerability — iSTAR Ultra | 8.8 (AI) | High (AI) | 2025-07-28 |
| CVE-2025-8259 | Vaelsys VaelsysV4 Web interface vgrid_server.php execute_DataObjectProc os command injection — VaelsysV4 | 7.3 | High | 2025-07-28 |
| CVE-2023-53158 | gix-transport crate OS command injection vulnerability — gix-transport | 4.1 | Medium | 2025-07-28 |
| CVE-2025-54415 | dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration — dag-factory | 9.8 | - | 2025-07-26 |
| CVE-2014-125118 | eScan 5.5-2 Web Management Console Command Injection — eScan Web Management Console | 8.8 | - | 2025-07-25 |
| CVE-2019-25224 | WP Database Backup < 5.2 - Unauthenticated OS Command Injection — WP Database Backup – Unlimited Database & Files Backup by Backup for WP | 9.8 | Critical | 2025-07-25 |
| CVE-2025-29631 | Gardyn 4 security vulnerability — Home Kit Firmware | 9.8 | Critical | 2025-07-25 |
| CVE-2025-7404 | Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C — Calibre Web | 9.8 | - | 2025-07-24 |
| CVE-2015-10141 | Xdebug Remote Debugger Unauthenticated OS Command Execution — Xdebug | 9.8 | - | 2025-07-23 |
| CVE-2025-41684 | Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint — IE-SR-2TX-WL | 8.8 | High | 2025-07-23 |
| CVE-2025-41683 | Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint — IE-SR-2TX-WL | 8.8 | High | 2025-07-23 |
| CVE-2024-53286 | Synology Router Manager OS command injection vulnerability — Synology Router Manager (SRM) | 7.2 | High | 2025-07-23 |
| CVE-2025-43020 | Poly Clariti Manager - Multiple Security Vulnerabilities — Poly Clariti Manager | 7.2 | - | 2025-07-22 |
| CVE-2025-54072 | yt-dlp allows `--exec` command injection when using placeholder on Windows — yt-dlp | 7.5 | High | 2025-07-22 |
| CVE-2025-7724 | Unauthenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 — VIGI NVR1104H-4P V1 | 9.8 | - | 2025-07-22 |
| CVE-2025-7723 | Authenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 — VIGI NVR1104H-4P V1 | 8.8 | - | 2025-07-22 |
| CVE-2025-53472 | ELECOM WRC-BE36QS-B and ELECOM WRC-W701-B OS command injection vulnerability — WRC-BE36QS-B | 7.2 | High | 2025-07-22 |
| CVE-2025-7382 | Sophos Firewall security vulnerability — Sophos Firewall | 8.8 | High | 2025-07-21 |
| CVE-2025-6704 | Sophos Firewall security vulnerability — Sophos Firewall | 9.8 | Critical | 2025-07-21 |
| CVE-2025-41675 | Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization — mbNET.mini | 7.2 | High | 2025-07-21 |
| CVE-2025-41674 | Remote Command Injection in diagnostic Action Due to Improper Input Neutralization — mbNET.mini | 7.2 | High | 2025-07-21 |
| CVE-2025-41673 | Remote Command Injection in send_sms Action Due to Improper Input Neutralization — mbNET.mini | 7.2 | High | 2025-07-21 |
| CVE-2025-54314 | Thor OS command injection vulnerability — Thor | 2.8 | Low | 2025-07-20 |
| CVE-2025-7788 | Xuxueli xxl-job SampleXxlJob.java commandJobHandler os command injection — xxl-job | 6.3 | Medium | 2025-07-18 |
| CVE-2025-34132 | LILIN DVR Command Injection via NTPUpdate in dvr_box — DVR Firmware | 9.8 (AI) | Critical (AI) | 2025-07-16 |
| CVE-2025-34129 | LILIN DVR RCE via Malicious FTP/NTP Configuration — DVR Firmware | 7.2 (AI) | High (AI) | 2025-07-16 |
| CVE-2025-34125 | D-Link DSP-W110A1 Cookie Command Injection — DSP-W110A1 | 9.8 (AI) | Critical (AI) | 2025-07-16 |
| CVE-2025-34103 | WePresent WiPG-1000 Unauthenticated Command Injection in via rdfs.cgi — WiPG-1000 | 9.8 (AI) | Critical (AI) | 2025-07-15 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2682 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.