Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-02-09 | CVE-2023-49716 | Command Injection vulnerability in Emerson products | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | network | low complexity | emerson | CWE-77 | critical 9.8 |
| 2024-02-08 | CVE-2023-40263 | Command Injection vulnerability in Unify Openscape Voice Trace Manager V8 | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. | network | low complexity | unify | CWE-77 | 8.8 |
| 2024-02-08 | CVE-2024-24321 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | network | low complexity | dlink | CWE-77 | critical 9.8 |
| 2024-02-08 | CVE-2024-24216 | Command Injection vulnerability in Easycorp Zentao | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | network | low complexity | easycorp | CWE-77 | critical 9.8 |
| 2024-02-05 | CVE-2024-23049 | Command Injection vulnerability in B3Log Symphony | An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | network | low complexity | b3log | CWE-77 | critical 9.8 |
| 2024-02-02 | CVE-2023-47562 | Command Injection vulnerability in Qnap Photo Station 6.4.0 | An OS command injection vulnerability has been reported to affect Photo Station. | network | low complexity | qnap | CWE-77 | 8.8 |
| 2024-02-02 | CVE-2024-22107 | Command Injection vulnerability in Gttb GTB Central Console 15.17.130814.Ng | An issue was discovered in GTB Central Console 15.17.1-30814.NG. | network | low complexity | gttb | CWE-77 | 7.2 |
| 2024-02-02 | CVE-2024-22900 | Command Injection vulnerability in Vinchin Backup and Recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | network | low complexity | vinchin | CWE-77 | 8.8 |
| 2024-02-02 | CVE-2024-22903 | Command Injection vulnerability in Vinchin Backup and Recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. | network | low complexity | vinchin | CWE-77 | 8.8 |
| 2024-02-01 | CVE-2024-0325 | Command Injection vulnerability in Perforce Helix Sync | In Helix Sync versions prior to 2024.1, a local command injection was identified. | local | low complexity | perforce | CWE-77 | 7.8 |