Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-40796 | Command Injection vulnerability in Phicomm K2 Firmware 22.6.529.216 Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call. | 7.8 |
| 2023-08-25 | CVE-2023-25649 | Command Injection vulnerability in ZTE Mf286R Firmware Crlvwrgbmf286Rv1.0.0B04 There is a command injection vulnerability in a mobile internet product of ZTE. | 8.8 |
| 2023-08-24 | CVE-2023-37469 | Command Injection vulnerability in Icewhale Casaos CasaOS is an open-source personal cloud system. | 8.8 |
| 2023-08-24 | CVE-2023-39834 | Command Injection vulnerability in Pbootcms PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. | 9.8 |
| 2023-08-22 | CVE-2020-22570 | Command Injection vulnerability in Memcached 1.6.0/1.6.1/1.6.2 Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | 7.5 |
| 2023-08-22 | CVE-2023-23564 | Command Injection vulnerability in Geomatika Isigeo web 6.0 An issue was discovered in Geomatika IsiGeo Web 6.0. | 8.8 |
| 2023-08-22 | CVE-2023-4212 | Command Injection vulnerability in Trane products ?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. | 6.8 |
| 2023-08-21 | CVE-2023-39617 | Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2089B20211224/9.1.0Cu.2350B20230313 TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | 9.8 |
| 2023-08-21 | CVE-2023-39618 | Command Injection vulnerability in Totolink X5000R Firmware B20210419 TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. | 9.8 |
| 2023-08-21 | CVE-2023-39809 | Command Injection vulnerability in Nvki Intelligent Broadband Subscriber Gateway 3.5 N.V.K.INTER CO., LTD. | 9.8 |