Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-35522 Command Injection vulnerability in Netgear Ex3700 Firmware
Netgear EX3700 - AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.
network
low complexity
netgear CWE-77
7.2
2024-10-09 CVE-2024-7840 Command Injection vulnerability in Progress Telerik Reporting 12.0.18.125
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
local
low complexity
progress CWE-77
7.8
2024-10-09 CVE-2024-39436 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7
2024-10-09 CVE-2024-39437 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7
2024-10-09 CVE-2024-39438 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7
2024-10-08 CVE-2024-47562 Command Injection vulnerability in Siemens Sinec Security Monitor
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0).
local
low complexity
siemens CWE-77
8.8
2024-10-02 CVE-2024-20365 Command Injection vulnerability in Cisco Unified Computing System
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation.
network
low complexity
cisco CWE-77
7.2
2024-10-02 CVE-2024-20432 Command Injection vulnerability in Cisco Nexus Dashboard Fabric Controller
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments.
network
low complexity
cisco CWE-77
8.8
2024-10-02 CVE-2024-20492 Command Injection vulnerability in Cisco Telepresence Video Communication Server
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-77
6.7
2024-09-26 CVE-2024-8405 Command Injection vulnerability in Papercut NG
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled.
local
low complexity
papercut CWE-77
5.5