Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-46048 | Command Injection vulnerability in Tenda Fh451 Firmware 1.0.0.9 Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | 9.8 |
| 2024-09-12 | CVE-2024-8640 | Command Injection vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. | 8.8 |
| 2024-09-12 | CVE-2024-45824 | Command Injection vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. | 9.8 |
| 2024-09-11 | CVE-2024-44466 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. | 9.8 |
| 2024-09-10 | CVE-2023-36103 | Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.20 Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | 9.8 |
| 2024-09-10 | CVE-2024-33508 | Command Injection vulnerability in Fortinet Forticlient Enterprise Management Server An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. | 7.3 |
| 2024-09-10 | CVE-2024-42427 | Command Injection vulnerability in Dell Wyse Thinos 9.5.1079/9.5.2109 Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. | 7.6 |
| 2024-09-09 | CVE-2024-44410 | Command Injection vulnerability in Dlink Di-8300 Firmware 16.07.26A1 D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. | 9.8 |
| 2024-09-06 | CVE-2023-47563 | Command Injection vulnerability in Qnap Video Station An OS command injection vulnerability has been reported to affect Video Station. | 8.8 |
| 2024-09-06 | CVE-2024-21903 | Command Injection vulnerability in Qnap QTS and Quts Hero An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 4.7 |