
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2646

2646 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-28673 | xiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation) — xiaoheiFS | 7.2 | High | 2026-03-18 |
| CVE-2026-32298 | Angeet ES3 KVM OS command injection — ES3 KVM | 9.1 | Critical | 2026-03-17 |
| CVE-2026-23759 | Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps' — IOLAN STS | 7.2 | High | 2026-03-17 |
| CVE-2026-4253 | Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection — AC8 | 4.7 | Medium | 2026-03-16 |
| CVE-2026-31386 | LiteSpeed Web Server Enterprise and LiteSpeed OpenLiteSpeed OS command injection vulnerability — OpenLiteSpeed | 7.2 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-4170 | Topsec TopACM HTTP Request nmc_sync.php os command injection — TopACM | 9.8 | Critical | 2026-03-15 |
| CVE-2026-3227 | Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N — TL-WR802N v4 | 8.8 (AI) | High (AI) | 2026-03-13 |
| CVE-2025-15060 | claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability — claude-hovercraft | 9.8 (AI) | Critical (AI) | 2026-03-13 |
| CVE-2026-32260 | Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix) — deno | 8.1 | High | 2026-03-12 |
| CVE-2026-3841 | Command Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400 — TL-MR6400 v5.3 | 7.2 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-28384 | Authenticated RCE via unsanitized compression_algorithm — lxd | 8.8 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-3964 | OpenAkita Chat API Endpoint shell.py run os command injection — OpenAkita | 5.3 | Medium | 2026-03-11 |
| CVE-2026-3959 | 0xKoda WireMCP Tshark CLI index.js server.tool os command injection — WireMCP | 5.3 | Medium | 2026-03-11 |
| CVE-2026-31975 | Cloud CLI WebSocket shell injection — claudecodeui | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31862 | Cloud CLI has Command Injection via Multiple Parameters — claudecodeui | 9.1 | Critical | 2026-03-11 |
| CVE-2026-31854 | Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass — cursor | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-20040 | Cisco IOS XR Software CLI Privilege Escalation Vulnerability — Cisco IOS XR Software | 8.8 | High | 2026-03-11 |
| CVE-2024-14026 | QTS, QuTS hero — QTS | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-28292 | simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCE — simple-git | 9.8 | Critical | 2026-03-10 |
| CVE-2025-66178 | Fortinet FortiWeb OS command injection vulnerability — FortiWeb | 6.7 | High | 2026-03-10 |
| CVE-2026-25836 | Fortinet FortiSandbox Cloud OS command injection vulnerability — FortiSandbox Cloud | 6.7 | High | 2026-03-10 |
| CVE-2025-41709 | Command injection in power analyzer via Modbus-TCP and Modbus-RTU — UMG 96RM-E 24V(5222063) | 9.8 | Critical | 2026-03-10 |
| CVE-2026-26982 | Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations — ghostty | 6.3 | Medium | 2026-03-09 |
| CVE-2026-25041 | Budibase has a Command Injection in PostgreSQL Dump Command — budibase | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2025-15568 | Command Injection Vulnerability on TP-Link Archer AXE75 — Archer AXE75 v1.6/v1.0 | 8.0 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-3696 | Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection — N300RH | 7.3 | High | 2026-03-08 |
| CVE-2026-30861 | WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation — WeKnora | 10.0 | Critical | 2026-03-07 |
| CVE-2026-25070 | XikeStor SKS8310-8X PingTestSet Command Injection — XikeStor SKS8310-8X | 9.8 | - | 2026-03-07 |
| CVE-2026-29783 | GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution — copilot-cli | 8.0 | - | 2026-03-06 |
| CVE-2026-29058 | AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php — AVideo-Encoder | 9.8 | Critical | 2026-03-06 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2646 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.