Improper Neutralization of Special Elements used in a Command ('Command Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-10-16 | CVE-2023-36954 | Command Injection vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594B20200910 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | network | low | totolink | CWE-77 | critical | 9.8 |
| 2023-10-14 | CVE-2023-26155 | Command Injection vulnerability in Nrhirani Node-Qpdf | All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. | network | low | nrhirani | CWE-77 | critical | 9.8 |
| 2023-10-14 | CVE-2023-45852 | Command Injection vulnerability in Viessmann Vitogate 300 Firmware 2.1.3.0 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | network | low | viessmann | CWE-77 | critical | 9.8 |
| 2023-10-13 | CVE-2023-45465 | Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | network | low | netis-systems | CWE-77 | critical | 9.8 |
| 2023-10-13 | CVE-2023-45466 | Command Injection vulnerability in Netis-Systems N3Mv2 Firmware 1.0.1.865 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | network | low | netis-systems | CWE-77 | critical | 9.8 |
| 2023-10-11 | CVE-2023-32632 | Command Injection vulnerability in Yifanwireless Yf325 Firmware 1.020221108 | A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. | network | low | yifanwireless | CWE-77 | critical | 9.8 |
| 2023-10-11 | CVE-2023-26319 | Command Injection vulnerability in MI Xiaomi Router Ax3200 Firmware | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | network | low | mi | CWE-77 | | 7.2 |
| 2023-10-11 | CVE-2023-26320 | Command Injection vulnerability in MI Xiaomi Router Ax3200 Firmware | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | network | high | mi | CWE-77 | | 8.1 |
| 2023-10-10 | CVE-2023-45208 | Command Injection vulnerability in Dlink Dap-1860 Firmware 1.00/1.01B0501/1.01B94 | A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. | | low | dlink | CWE-77 | | 8.8 |
| 2023-10-10 | CVE-2023-44827 | Command Injection vulnerability in Easycorp Zentao, Zentao BIZ and Zentao MAX | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | network | low | easycorp | CWE-77 | | 8.8 |