
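CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2682

2682 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.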

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-34115 | OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php — OP5 Monitor | 8.8 AI | High AI | 2025-07-15 |
| CVE-2025-34116 | IPFire < 2.19 Core Update 101 proxy.cgi RCE — IPFire | 8.8 AI | High AI | 2025-07-15 |
| CVE-2025-53818 | github-kanban-mcp-server Command Injection vulnerability — github-kanban-mcp-server | 9.8 AI | Critical AI | 2025-07-14 |
| CVE-2025-53623 | Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class — job-iteration | 8.8 AI | High AI | 2025-07-14 |
| CVE-2025-7451 | Hgiga\|iSherlock - OS Command Injection — iSherlock-maillog-4.5 | 9.8 | Critical | 2025-07-14 |
| CVE-2025-7553 | D-Link DIR-818LW System Time Page os command injection — DIR-818LW | 4.7 | Medium | 2025-07-13 |
| CVE-2025-52988 | Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout' — Junos OS | 6.7 | Medium | 2025-07-11 |
| CVE-2025-50121 | Schneider Electric EcoStruxure IT Data Center Expert OS command injection vulnerability — EcoStruxure™ IT Data Center Expert | 9.8 AI | Critical AI | 2025-07-11 |
| CVE-2025-52994 | phpThumb OS command injection vulnerability — phpThumb | 4.9 | Medium | 2025-07-11 |
| CVE-2013-3307 | Multiple Linksys products OS command injection vulnerability — E1000 | 8.3 | High | 2025-07-11 |
| CVE-2025-53637 | Meshtastic allows Command Injection in GitHub Action — firmware | 4.1 | Medium | 2025-07-10 |
| CVE-2025-7414 | Tenda O3V2 httpd setPingInfo fromNetToolGet os command injection — O3V2 | 6.3 | Medium | 2025-07-10 |
| CVE-2025-34095 | Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp — Mako Server | 9.8 AI | Critical AI | 2025-07-10 |
| CVE-2025-34093 | Polycom HDX Series Telnet Command Injection via lan traceroute — HDX Series | 8.8 AI | High AI | 2025-07-10 |
| CVE-2025-34101 | Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter — Media Server | 9.8 AI | Critical AI | 2025-07-10 |
| CVE-2025-34099 | VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password — VICIdial | 9.8 AI | Critical AI | 2025-07-10 |
| CVE-2025-53542 | Kubernetes Headlamp Allows Arbitrary Command Injection in macOS Process headlamp@codeSign — headlamp | 7.8 | High | 2025-07-10 |
| CVE-2025-46334 | Git GUI malicious command injection on Windows — git-gui | 8.6 | High | 2025-07-10 |
| CVE-2025-27614 | Gitk allows arbitrary command execution — gitk | 8.6 | High | 2025-07-10 |
| CVE-2025-27613 | Gitk can create and truncate files in the user's home directory — gitk | 3.6 | Low | 2025-07-10 |
| CVE-2025-7407 | Netgear D6400 diag.cgi os command injection — D6400 | 6.3 | Medium | 2025-07-10 |
| CVE-2025-6514 | OS command injection in mcp-remote when connecting to untrusted MCP servers | 9.6 | Critical | 2025-07-09 |
| CVE-2025-3499 | Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector — iSAP Smart Collector | 10.0 | Critical | 2025-07-09 |
| CVE-2025-49537 | ColdFusion \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) — ColdFusion | 7.9 | High | 2025-07-08 |
| CVE-2025-6771 | OS command injection in Ivanti Endpoint Manager — Endpoint Manager Mobile | 7.2 | High | 2025-07-08 |
| CVE-2025-6770 | OS command injection in Ivanti Endpoint Manager — Endpoint Manager Mobile | 7.2 | High | 2025-07-08 |
| CVE-2025-25269 | Local Privilege Escalation via Unauthenticated Command Injection — CHARX SEC-3150 | 8.4 | High | 2025-07-08 |
| CVE-2025-7154 | TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection — N200RE | 6.3 | Medium | 2025-07-08 |
| CVE-2025-20319 | Remote Command Execution through Scripted Input Files in Splunk Enterprise — Splunk Enterprise | 6.8 | Medium | 2025-07-07 |
| CVE-2025-53376 | Dokploy allows attackers to run arbitrary OS commands on the Dokploy host. — dokploy | 8.8 AI | High AI | 2025-07-07 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2682 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.