Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-39783 Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
9.1
2024-12-20 CVE-2022-32203 Command Injection vulnerability in Huawei Cv81-Wdm Firmware 01.70.49.29.46
There is a command injection vulnerability in Huawei terminal printer product.
network
low complexity
huawei CWE-77
critical
9.8
2024-12-17 CVE-2024-12356 Command Injection vulnerability in Beyondtrust Remote Support
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
network
low complexity
beyondtrust CWE-77
critical
9.8
2024-12-13 CVE-2024-55956 Command Injection vulnerability in Cleo Lexicom and Vltrader
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
network
low complexity
cleo CWE-77
critical
9.8
2024-12-11 CVE-2024-53290 Command Injection vulnerability in Dell Thinos 2408
Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability.
local
low complexity
dell CWE-77
8.4
2024-12-10 CVE-2024-11634 Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-77
7.2
2024-12-10 CVE-2024-11772 Command Injection vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-77
7.2
2024-11-25 CVE-2024-11659 Command Injection vulnerability in Engeniustech products
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical.
network
low complexity
engeniustech CWE-77
7.2
2024-11-25 CVE-2024-11657 Command Injection vulnerability in Engeniustech products
A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118.
network
low complexity
engeniustech CWE-77
7.2
2024-11-25 CVE-2024-11658 Command Injection vulnerability in Engeniustech products
A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical.
network
low complexity
engeniustech CWE-77
7.2