Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-23 | CVE-2024-22663 | Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012 TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg | 9.8 |
2024-01-22 | CVE-2023-24135 | Command Injection vulnerability in Jensenofscandinavia Eagle 1200Ac Firmware 15.03.06.33En Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. | 7.8 |
2024-01-17 | CVE-2024-20287 | Command Injection vulnerability in Cisco Wap371 Firmware A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. | 7.2 |
2024-01-16 | CVE-2024-0507 | Command Injection vulnerability in Github Enterprise Server An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. | 8.8 |
2024-01-16 | CVE-2024-0579 | Command Injection vulnerability in Totolink X2000R Firmware 1.0.0B20221212.1452 A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. | 9.8 |
2024-01-16 | CVE-2023-4797 | Command Injection vulnerability in Tribulant Newsletters The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. | 7.2 |
2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |
2024-01-11 | CVE-2024-22198 | Command Injection vulnerability in Nginxui Nginx UI Nginx-UI is a web interface to manage Nginx configurations. | 8.8 |
2024-01-11 | CVE-2024-22197 | Command Injection vulnerability in Nginxui Nginx UI Nginx-ui is online statistics for Server Indicators. Monitor CPU usage, memory usage, load average, and disk usage in real-time. | 8.8 |
2024-01-11 | CVE-2023-52027 | Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513 TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | 9.8 |