Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-01 | CVE-2023-28365 | Command Injection vulnerability in UI Unifi 2.3.5/2.3.6 A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | 9.1 |
| 2023-06-30 | CVE-2023-22815 | Command Injection vulnerability in Westerndigital MY Cloud OS Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. | 6.7 |
| 2023-06-30 | CVE-2023-22816 | Command Injection vulnerability in Westerndigital MY Cloud OS A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | 8.8 |
| 2023-06-29 | CVE-2023-34849 | Command Injection vulnerability in Ikuai8 Ikuaios An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1. | 9.8 |
| 2023-06-28 | CVE-2023-26134 | Command Injection vulnerability in Git-Commit-Info Project Git-Commit-Info Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. | 9.8 |
| 2023-06-23 | CVE-2023-30260 | Command Injection vulnerability in Raspap Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. | 8.8 |
| 2023-06-20 | CVE-2023-26429 | Command Injection vulnerability in Open-Xchange Appsuite Backend Control characters were not removed when exporting user feedback content. | 5.3 |
| 2023-06-15 | CVE-2023-24032 | Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0 In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE). | 7.8 |
| 2023-06-14 | CVE-2023-31746 | Command Injection vulnerability in Vw2100 Project Vw2100 Firmware M1Dv1.0 There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. | 9.8 |
| 2023-06-13 | CVE-2023-27836 | Command Injection vulnerability in Tp-Link Tl-Wpa8630P Firmware 171011 TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. | 9.8 |