Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-11-25 CVE-2024-11652 Command Injection vulnerability in Engeniustech products
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118.
network
low complexity
engeniustech CWE-77
7.2
2024-11-24 CVE-2024-11665 Command Injection vulnerability in Echarge Salia Plcc Firmware
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4.
low complexity
echarge CWE-77
8.8
2024-11-24 CVE-2024-53899 Command Injection vulnerability in Virtualenv
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment.
network
low complexity
virtualenv CWE-77
critical
9.8
2024-11-21 CVE-2024-11320 Command Injection vulnerability in Pandorafms Pandora FMS
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.
network
low complexity
pandorafms CWE-77
critical
9.8
2024-11-21 CVE-2024-51151 Command Injection vulnerability in Dlink Di-8200 Firmware 16.07.26A1
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.
network
low complexity
dlink CWE-77
critical
9.8
2024-11-15 CVE-2022-1884 Command Injection vulnerability in Gogs
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server.
network
low complexity
gogs CWE-77
critical
9.8
2024-11-15 CVE-2024-10443 Command Injection vulnerability in Synology Beephotos and Photos
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-77
critical
9.8
2024-11-13 CVE-2024-50852 Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.
network
low complexity
tendacn CWE-77
8.8
2024-11-13 CVE-2024-50853 Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
network
low complexity
tendacn CWE-77
8.8
2024-11-12 CVE-2024-43613 Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
network
low complexity
CWE-77
7.2