
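CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2646

2646 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.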

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33478 | AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection — AVideo | 10.0 | Critical | 2026-03-23 |
| CVE-2026-32968 | Unauthenticated RCE in com_mb24sysapi — MB connect line mbCONNECT24 | 9.8 | Critical | 2026-03-23 |
| CVE-2026-4585 | Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command injection — Easy7 Integrated Management Platform | 9.8 | Critical | 2026-03-23 |
| CVE-2026-4558 | Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection — MR9600 | 8.8 | High | 2026-03-22 |
| CVE-2026-33319 | AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command — AVideo | 5.9 | Medium | 2026-03-22 |
| CVE-2026-32056 | OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run — OpenClaw | 7.5 | High | 2026-03-21 |
| CVE-2026-4499 | D-Link DIR-820LW SSDP ssdpcgi_main os command injection — DIR-820LW | 7.3 | High | 2026-03-20 |
| CVE-2026-4497 | Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection — WA300 | 7.3 | High | 2026-03-20 |
| CVE-2026-4496 | sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection — Git-MCP-Server | 5.3 | Medium | 2026-03-20 |
| CVE-2026-22897 | QuNetSwitch — QuNetSwitch | 9.8 | - | 2026-03-20 |
| CVE-2026-22901 | QuNetSwitch — QuNetSwitch | 9.8 | - | 2026-03-20 |
| CVE-2026-22902 | QuNetSwitch — QuNetSwitch | 7.8 | - | 2026-03-20 |
| CVE-2026-4465 | D-Link DIR-513 formSysCmd os command injection — DIR-513 | 6.3 | Medium | 2026-03-20 |
| CVE-2026-32034 | OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP — OpenClaw | 8.1 | High | 2026-03-19 |
| CVE-2026-32010 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter — OpenClaw | 6.3 | Medium | 2026-03-19 |
| CVE-2026-32003 | OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run — OpenClaw | 6.6 | Medium | 2026-03-19 |
| CVE-2026-32191 | Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing Images | 9.8 | Critical | 2026-03-19 |
| CVE-2026-32238 | OpenEMR has Remote Code Execution in backup functionality — openemr | 9.1 | Critical | 2026-03-19 |
| CVE-2026-32000 | OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-31999 | OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback — OpenClaw | 6.3 | Medium | 2026-03-19 |
| CVE-2026-31996 | OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags — OpenClaw | 4.4 | Medium | 2026-03-19 |
| CVE-2026-31995 | OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension — OpenClaw | 5.3 | Medium | 2026-03-19 |
| CVE-2026-31994 | OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-29607 | OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence — OpenClaw | 6.8 | Medium | 2026-03-19 |
| CVE-2026-28460 | OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-27566 | OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-22176 | OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation — OpenClaw | 6.1 | Medium | 2026-03-19 |
| CVE-2026-32608 | Glances has a Command Injection via Process Names in Action Command Templates — glances | 7.0 | High | 2026-03-18 |
| CVE-2026-22179 | OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run — OpenClaw | 7.2 | High | 2026-03-18 |
| CVE-2026-22169 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins — OpenClaw | 6.7 | Medium | 2026-03-18 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2646 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.