Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-07-31 CVE-2022-4002 Command Injection vulnerability in Motorola Q14 Firmware
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
network
low complexity
motorola CWE-77
7.2
2024-07-29 CVE-2024-7177 Command Injection vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102.
network
low complexity
totolink CWE-77
8.8
2024-07-29 CVE-2024-7174 Command Injection vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102
A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102.
network
low complexity
totolink CWE-77
8.8
2024-07-25 CVE-2024-38288 Command Injection vulnerability in Rhubcom Turbomeeting
A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
network
low complexity
rhubcom CWE-77
7.2
2024-07-23 CVE-2024-41319 Command Injection vulnerability in Totolink A6000R Firmware 1.0.1B20201211.2000
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
network
low complexity
totolink CWE-77
critical
9.8
2024-07-09 CVE-2024-39571 Command Injection vulnerability in Siemens Sinema Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1).
network
low complexity
siemens CWE-77
8.8
2024-07-09 CVE-2024-4944 Command Injection vulnerability in Watchguard Mobile VPN With SSL
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges.
local
low complexity
watchguard CWE-77
7.8
2024-07-08 CVE-2024-25639 Command Injection vulnerability in Khoj
Khoj is an application that creates personal AI agents.
network
high complexity
khoj CWE-77
7.5
2024-07-01 CVE-2024-36983 Command Injection vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function.
network
low complexity
splunk CWE-77
8.8
2024-06-25 CVE-2024-4884 Command Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, there is an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
network
low complexity
progress CWE-77
critical
9.8