Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-22663 Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012
TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg.
network
low complexity
totolink CWE-77
critical
9.8
2024-01-22 CVE-2023-24135 Command Injection vulnerability in Jensenofscandinavia Eagle 1200Ac Firmware 15.03.06.33En
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac.
local
low complexity
jensenofscandinavia CWE-77
7.8
2024-01-17 CVE-2024-20287 Command Injection vulnerability in Cisco Wap371 Firmware
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
network
low complexity
cisco CWE-77
7.2
2024-01-16 CVE-2024-0507 Command Injection vulnerability in Github Enterprise Server
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console.
network
low complexity
github CWE-77
8.8
2024-01-16 CVE-2024-0579 Command Injection vulnerability in Totolink X2000R Firmware 1.0.0B20221212.1452
A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452.
network
low complexity
totolink CWE-77
critical
9.8
2024-01-16 CVE-2023-4797 Command Injection vulnerability in Tribulant Newsletters
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
network
low complexity
tribulant CWE-77
7.2
2024-01-12 CVE-2024-21887 Command Injection vulnerability in Ivanti Connect Secure and Policy Secure
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
network
low complexity
ivanti CWE-77
critical
9.1
2024-01-11 CVE-2024-22198 Command Injection vulnerability in Nginxui Nginx UI
Nginx-UI is a web interface to manage Nginx configurations.
network
low complexity
nginxui CWE-77
8.8
2024-01-11 CVE-2024-22197 Command Injection vulnerability in Nginxui Nginx UI
Nginx-UI provides online statistics for server indicators: monitor CPU usage, memory usage, load average, and disk usage in real time.
network
low complexity
nginxui CWE-77
8.8
2024-01-11 CVE-2023-52027 Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOLINK A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
network
low complexity
totolink CWE-77
critical
9.8