Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2025-05-05 | CVE-2024-57235 | Command Injection vulnerability in Netgear Rax50 Firmware 1.0.2.26. NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | network | low | netgear | CWE-77 | critical 9.8 |
| 2025-05-05 | CVE-2025-45042 | Command Injection vulnerability in Tenda AC9 Firmware 15.03.05.14. Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. | network | low | tenda | CWE-77 | critical 9.8 |
| 2025-04-28 | CVE-2025-4032 | Command Injection vulnerability in Inclusionai Aworld. A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. | network | high | inclusionai | CWE-77 | 8.1 |
| 2025-04-19 | CVE-2025-3816 | A vulnerability classified as critical was found in westboy CicadasCMS 2.0. | network | low | | CWE-77 | 4.7 |
| 2025-03-31 | CVE-2025-2983 | A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. | | low | | CWE-77 | 5.5 |
| 2025-03-25 | CVE-2025-2733 | A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. | network | low | | CWE-77 | 6.3 |
| 2025-03-24 | CVE-2025-2701 | A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. | network | low | | CWE-77 | 6.3 |
| 2025-03-21 | CVE-2025-25274 | Command Injection vulnerability in Mattermost Server. Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. | network | low | mattermost | CWE-77 | 8.8 |
| 2025-03-17 | CVE-2025-2367 | A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. | network | low | | CWE-77 | 6.3 |
| 2025-03-11 | CVE-2025-24049 | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | local | low | | CWE-77 | 8.4 |