Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-23 | CVE-2024-41319 | Command Injection vulnerability in Totolink A6000R Firmware 1.0.1B20201211.2000 TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. | 9.8 |
| 2024-07-17 | CVE-2023-52291 | Command Injection vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-07-17 | CVE-2024-29737 | Command Injection vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-06-09 | CVE-2024-37569 | Command Injection vulnerability in Mitel 6869I SIP Firmware An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. | 8.8 |
| 2024-06-09 | CVE-2024-37570 | Command Injection vulnerability in Mitel 6869I SIP Firmware 4.5.0.41 On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. | 8.8 |
| 2024-06-04 | CVE-2024-36604 | Command Injection vulnerability in Tendacn O3V2 Firmware 1.0.0.12(3880) Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. | 9.8 |
| 2024-06-04 | CVE-2024-34792 | Command Injection vulnerability in Dextaz Ping Project Dextaz Ping 0.65 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through 0.65. | 7.2 |
| 2024-04-17 | CVE-2023-40146 | A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). low complexity CWE-77 | 6.8 |
| 2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |
| 2024-04-04 | CVE-2024-3273 | Command Injection vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |