Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-45208 | Command Injection vulnerability in Dlink Dap-1860 Firmware 1.00/1.01B0501/1.01B94 A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. | 8.8 |
| 2023-10-10 | CVE-2023-44827 | Command Injection vulnerability in Easycorp Zentao, Zentao BIZ and Zentao MAX An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | 8.8 |
| 2023-10-10 | CVE-2023-44959 | Command Injection vulnerability in Dlink Dsl-3782 Firmware 1.01/1.03 An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | 8.8 |
| 2023-10-09 | CVE-2023-45351 | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. | 8.8 |
| 2023-10-09 | CVE-2023-45355 | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. | 8.8 |
| 2023-10-09 | CVE-2023-45356 | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. | 8.8 |
| 2023-10-02 | CVE-2023-43891 | Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. | 9.8 |
| 2023-09-28 | CVE-2023-26145 | Command Injection vulnerability in Derrickgilland Pydash This affects versions of the package pydash before 6.0.0. | 8.1 |
| 2023-09-25 | CVE-2023-41303 | Command Injection vulnerability in Huawei Emui and Harmonyos Command injection vulnerability in the distributed file system module. | 7.5 |
| 2023-09-22 | CVE-2023-41029 | Command Injection vulnerability in Juplink Rx4-1500 Firmware Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. | 8.8 |