Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-25 | CVE-2024-7575 | Command Injection vulnerability in Telerik UI for WPF. In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 9.8 |
2024-09-25 | CVE-2024-7679 | Command Injection vulnerability in Telerik UI for WPF. In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 7.8 |
2024-09-25 | CVE-2024-43693 | Command Injection vulnerability in Doverfuelingsolutions products. A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
2024-09-25 | CVE-2024-45066 | Command Injection vulnerability in Doverfuelingsolutions products. A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
2024-09-23 | CVE-2024-0005 | Command Injection vulnerability in Purestorage Purity//Fa. A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | 8.8 |
2024-09-23 | CVE-2024-45348 | Command Injection vulnerability in MI Ax9000 Firmware. Xiaomi Router AX9000 has a post-authorization command injection vulnerability. | 8.8 |
2024-09-22 | CVE-2024-9076 | Command Injection vulnerability in Dedecms. A vulnerability was found in DedeCMS up to 5.7.115. | 8.8 |
2024-09-13 | CVE-2024-42025 | Command Injection vulnerability in UI Unifi Network Application. A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | 7.8 |
2024-09-13 | CVE-2024-46048 | Command Injection vulnerability in Tenda Fh451 Firmware 1.0.0.9. Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | 9.8 |
2024-09-12 | CVE-2024-8640 | Command Injection vulnerability in Gitlab. An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. | 8.8 |