Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-10-20 CVE-2024-10193 Command Injection vulnerability in Wavlink products
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical.
network
low complexity
wavlink CWE-77
7.2
2024-10-19 CVE-2024-10131 Command Injection vulnerability in Infiniflow Ragflow 0.11.0
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability.
network
low complexity
infiniflow CWE-77
8.8
2024-10-18 CVE-2024-9264 Command Injection vulnerability in Grafana 11.0.0
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input.
network
low complexity
grafana CWE-77
8.8
2024-10-14 CVE-2024-35518 Command Injection vulnerability in Netgear Ex6120 Firmware
Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.
low complexity
netgear CWE-77
6.8
2024-10-14 CVE-2024-35519 Command Injection vulnerability in Netgear Ex3700 Firmware, Ex6100 Firmware and Ex6120 Firmware
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.
low complexity
netgear CWE-77
6.8
2024-10-14 CVE-2024-35520 Command Injection vulnerability in Netgear R7000 Firmware 1.0.11.136
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
low complexity
netgear CWE-77
6.8
2024-10-11 CVE-2024-35517 Command Injection vulnerability in Netgear Xr1000 Firmware 1.0.0.64
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
network
low complexity
netgear CWE-77
7.2
2024-10-11 CVE-2024-35522 Command Injection vulnerability in Netgear Ex3700 Firmware
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.
network
low complexity
netgear CWE-77
7.2
2024-10-09 CVE-2024-7840 Command Injection vulnerability in Progress Telerik Reporting 12.0.18.125
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
local
low complexity
progress CWE-77
7.8
2024-10-09 CVE-2024-39436 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7