Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-10-25 | CVE-2023-46370 | Command Injection vulnerability in Tenda W18E Firmware 16.01.0.8(1576) | Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. | 9.8 |
2023-10-25 | CVE-2023-46574 | Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012 | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | 9.8 |
2023-10-25 | CVE-2023-5752 | Command Injection vulnerability in Pypa PIP | When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). | 3.3 |
2023-10-21 | CVE-2023-38193 | Command Injection vulnerability in Superwebmailer 9.00.0.01710 | An issue was discovered in SuperWebMailer 9.00.0.01710. | 8.8 |
2023-10-16 | CVE-2023-21413 | Command Injection vulnerability in Axis OS | GoSecure on behalf of Genetec Inc. | 7.2 |
2023-10-16 | CVE-2023-36953 | Command Injection vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594B20200910 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | 9.8 |
2023-10-16 | CVE-2023-36954 | Command Injection vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594B20200910 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | 9.8 |
2023-10-14 | CVE-2023-26155 | Command Injection vulnerability in Nrhirani Node-Qpdf | All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. | 9.8 |
2023-10-14 | CVE-2023-45852 | Command Injection vulnerability in Viessmann Vitogate 300 Firmware 2.1.3.0 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | 9.8 |
2023-10-13 | CVE-2023-45465 | Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | 9.8 |