Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2646

2646 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-5689 Totolink A7100RU cstecgi.cgi setNtpCfg os command injection — A7100RU 7.3 High2026-04-06
CVE-2026-5688 Totolink A7100RU cstecgi.cgi setDdnsCfg os command injection — A7100RU 7.3 High2026-04-06
CVE-2026-5709 AWS Research and Engineering Studio (RES) FileBrowser Command Injection — Research and Engineering Studio (RES) 8.8 High2026-04-06
CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES) — Research and Engineering Studio (RES) 8.8 High2026-04-06
CVE-2026-5679 Totolink A3300R cstecgi.cgi vsetTr069Cfg os command injection — A3300R 5.5 Medium2026-04-06
CVE-2026-35022 Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper — Claude Code 9.8 Critical2026-04-06
CVE-2026-35021 Anthropic Claude Code & Agent SDK OS Command Injection via promptEditor.ts — Claude Code 7.8 High2026-04-06
CVE-2026-35020 Anthropic Claude Code & Agent SDK OS Command Injection via TERMINAL Environment Variable — Claude Code 8.4 High2026-04-06
CVE-2026-5678 Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection — A7100RU 7.3 High2026-04-06
CVE-2026-5677 Totolink A7100RU cstecgi.cgi CsteSystem os command injection — A7100RU 7.3 High2026-04-06
CVE-2026-35043 BentoML: command injection in cloud deployment setup script (deployment.py) — BentoML 7.8 High2026-04-06
CVE-2026-34977 Aperi'Solve Affected by Unauthenticated RCE via JPSeek Analyzer Command — AperiSolve 9.8AICriticalAI2026-04-06
CVE-2026-34940 KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods — kubeai 8.7 High2026-04-06
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276 — vim 8.2 High2026-04-06
CVE-2026-5663 OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection — DCMTK 7.3 High2026-04-06
CVE-2026-5621 ChrisChinchilla Vale-MCP HTTP index.ts os command injection — Vale-MCP 5.3 Medium2026-04-06
CVE-2026-5619 Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection — mcp-summarization-functions 5.3 Medium2026-04-06
CVE-2026-5603 elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection — magento2-dev-mcp 5.3 Medium2026-04-05
CVE-2026-5602 Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection — heim-mcp 5.3 Medium2026-04-05
CVE-2026-5547 Tenda AC10 httpd formAddMacfilterRule os command injection — AC10 6.3 Medium2026-04-05
CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection — scrapegraph-ai 6.3 Medium2026-04-05
CVE-2026-5528 MoussaabBadla code-screenshot-mcp HTTP os command injection — code-screenshot-mcp 6.3 Medium2026-04-04
CVE-2026-34779 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS — electron 6.5 Medium2026-04-04
CVE-2026-34955 PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox — PraisonAI 8.8 High2026-04-03
CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface — ICX35-HWC Cellular Gateway 9.8 Critical2026-04-03
CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution — PraisonAI 7.8 High2026-04-03
CVE-2026-34935 PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command() — PraisonAI 9.8 Critical2026-04-03
CVE-2026-5485 OS command injection in Amazon Athena ODBC driver on Linux — Amazon Athena ODBC driver 7.8 High2026-04-03
CVE-2026-35216 Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step — budibase 9.1 Critical2026-04-03
CVE-2026-25044 Budibase: Command Injection in Bash Automation Step — budibase 8.8AIHighAI2026-04-03

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2646 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.