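CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2646

2646 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.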

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5012 | elecV2 elecV2P rpc pm2run os command injection — elecV2P | 7.3 | High | 2026-03-28 |
| CVE-2026-5007 | kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection — mcp-docs-rag | 5.3 | Medium | 2026-03-28 |
| CVE-2026-33874 | Authenticator vulnerable to Remote Code Execution — app-Authenticator | 7.8 | High | 2026-03-27 |
| CVE-2026-33765 | Pi-hole Web Interface has a Command Injection Vulnerability — web | 9.8 | - | 2026-03-27 |
| CVE-2026-34387 | Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts — fleet | 7.2 | - | 2026-03-27 |
| CVE-2026-4620 | NEC Platforms Aterm Series security vulnerability — Aterm WX1500HP | 9.8 | - | 2026-03-27 |
| CVE-2026-4622 | NEC Platforms Aterm Series security vulnerability — Aterm WG2600HS | 9.8 | - | 2026-03-27 |
| CVE-2026-27650 | BUFFALO Wi-Fi router OS command injection vulnerability — BUFFALO Wi-Fi router products | 9.8 | - | 2026-03-27 |
| CVE-2026-33718 | OpenHands is Vulnerable to Command Injection through its Git Diff Handler — OpenHands | 7.6 | High | 2026-03-27 |
| CVE-2026-33623 | PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution — pinchtab | 6.7 | Medium | 2026-03-26 |
| CVE-2023-7338 | Ruckus Unleashed Authenticated RCE in Gateway Mode — RUCKUS H350 | 7.5 | High | 2026-03-26 |
| CVE-2026-26213 | thingino-firmware api.cgi Unauthenticated Command Injection in Captive Portal — thingino-firmware | 9.8 | - | 2026-03-26 |
| CVE-2026-33396 | OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe — oneuptime | 10.0 | Critical | 2026-03-26 |
| CVE-2026-1961 | Forman: foreman: remote code execution via command injection in websocket proxy — Red Hat Satellite 6.16 for RHEL 8 | 8.0 | High | 2026-03-26 |
| CVE-2026-4840 | Netcore Power 15AX Diagnostic Tool netis.cgi setTools os command injection — Power 15AX | 8.8 | High | 2026-03-26 |
| CVE-2026-27602 | Modoboa has an OS Command Injection — modoboa | 7.2 | High | 2026-03-25 |
| CVE-2026-33412 | Vim affected by Command injection via newline in glob() — vim | 5.6 | Medium | 2026-03-24 |
| CVE-2026-32948 | sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows — sbt | 9.8 | - | 2026-03-24 |
| CVE-2026-23920 | Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection — Zabbix | 8.8 | - | 2026-03-24 |
| CVE-2025-11571 | Command Execution vulnerability in Simplicity Installer — Simplicity Studio v5 | 7.5 | - | 2026-03-24 |
| CVE-2026-33310 | Intake has a Command Injection via shell() Expansion in Parameter Defaults — intake | 8.8 | High | 2026-03-24 |
| CVE-2026-4627 | D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection — DIR-825 | 7.2 | High | 2026-03-24 |
| CVE-2026-33046 | Indico discloses local files resulting in Remote Code Execution through LaTeX injection — indico | 9.8 | - | 2026-03-23 |
| CVE-2026-4611 | TOTOLINK X6000R shttpd setLanCfg privilege escalation — X6000R | 7.2 | High | 2026-03-23 |
| CVE-2026-23882 | Blinko: Admin RCE - MCP Server Command Injection — blinko | 8.8 | - | 2026-03-23 |
| CVE-2026-33648 | AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path — AVideo | 8.8 | High | 2026-03-23 |
| CVE-2025-15519 | Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600 — Archer NX600 v3.0 | 6.7 | - | 2026-03-23 |
| CVE-2025-15518 | Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600 — Archer NX600 v3.0 | 6.7 | - | 2026-03-23 |
| CVE-2026-4591 | kalcaddle kodbox fileThumb Endpoint app.php checkBin os command injection — kodbox | 4.7 | Medium | 2026-03-23 |
| CVE-2026-33482 | AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand() — AVideo | 8.1 | High | 2026-03-23 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2646 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.