Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-01 | CVE-2023-3718 | Command Injection vulnerability in HPE Arubaos-Cx 10.10.0000/10.10.1020/10.10.1030 | An authenticated command injection vulnerability exists in the AOS-CX command line interface. | 8.8 |
2023-08-01 | CVE-2022-39986 | Command Injection vulnerability in Raspap | A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. | 9.8 |
2023-08-01 | CVE-2022-39987 | Command Injection vulnerability in Raspap | A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. | 8.8 |
2023-08-01 | CVE-2023-34960 | Command Injection vulnerability in Chamilo | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. | 9.8 |
2023-07-30 | CVE-2023-37214 | Command Injection vulnerability in Heights-T Ero1Xs-Pro Firmware Bzero1Xp.025 | Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. | 9.8 |
2023-07-27 | CVE-2023-28012 | Command Injection vulnerability in Hcltech Bigfix Mobile 3.0 | HCL BigFix Mobile is vulnerable to a command injection attack. | 8.8 |
2023-07-26 | CVE-2023-28130 | Command Injection vulnerability in Checkpoint Gaia Portal | Local user may lead to privilege escalation using Gaia Portal hostnames page. | 7.2 |
2023-07-14 | CVE-2023-37794 | Command Injection vulnerability in Wayos Fbm-291W Firmware 19.09.11V | WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | 9.8 |
2023-07-14 | CVE-2023-38336 | Command Injection vulnerability in Netkit 0.1724 | netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | 9.8 |
2023-07-14 | CVE-2023-38286 | Command Injection vulnerability in multiple products | Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. | 7.5 |