Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-01-17 CVE-2024-20287 Command Injection vulnerability in Cisco WAP371 Firmware
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
network, low complexity, cisco, CWE-77
Risk: 7.2

2024-01-16 CVE-2024-0507 Command Injection vulnerability in GitHub Enterprise Server
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console.
network, low complexity, github, CWE-77
Risk: 8.8

2024-01-16 CVE-2023-4797 Command Injection vulnerability in Tribulant Newsletters
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
network, low complexity, tribulant, CWE-77
Risk: 7.2

2024-01-12 CVE-2024-21887 Command Injection vulnerability in Ivanti Connect Secure and Policy Secure
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
network, low complexity, ivanti, CWE-77
Risk: critical, 9.1

2024-01-11 CVE-2023-52027 Command Injection vulnerability in TOTOLINK A3700R Firmware 9.1.2U.5822B20200513
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
network, low complexity, totolink, CWE-77
Risk: critical, 9.8

2024-01-11 CVE-2023-6634 Command Injection vulnerability in ThimPress LearnPress
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function.
network, low complexity, thimpress, CWE-77
Risk: critical, 9.8

2024-01-10 CVE-2023-51126 Command Injection vulnerability in FLIR AX8 Firmware
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.
network, low complexity, flir, CWE-77
Risk: critical, 9.8

2024-01-10 CVE-2023-51972 Command Injection vulnerability in Tenda AX1803 Firmware 1.0.0.1
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.
network, low complexity, tenda, CWE-77
Risk: critical, 9.8

2024-01-09 CVE-2023-49237 Command Injection vulnerability in TRENDnet TV-IP1314PI Firmware 5.5.3
An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices.
network, low complexity, trendnet, CWE-77
Risk: critical, 9.8

2024-01-09 CVE-2024-21663 Command Injection vulnerability in Demon1A Discord-Recon
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a Discord server.
network, low complexity, demon1a, CWE-77
Risk: 8.8