Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-06-17 CVE-2022-31874 Command Injection vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
network
low complexity
asus CWE-77
7.5
2022-06-16 CVE-2022-30023 Command Injection vulnerability in Tenda HG9 Firmware 1.0.1
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
network
low complexity
tenda CWE-77
critical
9.0
2022-06-16 CVE-2022-31849 Command Injection vulnerability in Mercurycom Mipc451-4 Firmware 1.0.22
MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request.
network
low complexity
mercurycom CWE-77
6.5
2022-06-15 CVE-2022-32154 Command Injection vulnerability in Splunk
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request.
network
high complexity
splunk CWE-77
4.0
2022-06-14 CVE-2022-31311 Command Injection vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
network
low complexity
wavlink CWE-77
critical
10.0
2022-06-14 CVE-2022-32262 Command Injection vulnerability in Siemens Sinema Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).
network
low complexity
siemens CWE-77
7.5
2022-06-14 CVE-2022-31446 Command Injection vulnerability in Tendacn Ac18 Firmware 15.03.05.05/15.03.05.19
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
network
low complexity
tendacn CWE-77
critical
10.0
2022-06-12 CVE-2022-2054 Command Injection vulnerability in Nuitka
Command Injection in GitHub repository nuitka/nuitka prior to 0.9.
local
low complexity
nuitka CWE-77
7.2
2022-06-11 CVE-2021-41738 Command Injection vulnerability in Zeroshell 3.9.5
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
network
low complexity
zeroshell CWE-77
6.5
2022-06-10 CVE-2022-24376 Command Injection vulnerability in Git-Promise Project Git-Promise
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package.
network
low complexity
git-promise-project CWE-77
7.5