Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-06-28 CVE-2023-26134 Command Injection vulnerability in Git-Commit-Info Project Git-Commit-Info
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API.
network
low complexity
git-commit-info-project CWE-77
critical
9.8
2023-06-23 CVE-2023-30260 Command Injection vulnerability in Raspap
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.
network
low complexity
raspap CWE-77
8.8
2023-06-20 CVE-2023-26429 Command Injection vulnerability in Open-Xchange Appsuite Backend
Control characters were not removed when exporting user feedback content.
network
low complexity
open-xchange CWE-77
5.3
2023-06-15 CVE-2023-24032 Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
local
low complexity
zimbra CWE-77
7.8
2023-06-14 CVE-2023-31746 Command Injection vulnerability in Vw2100 Project Vw2100 Firmware M1Dv1.0
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0.
network
low complexity
vw2100-project CWE-77
critical
9.8
2023-06-13 CVE-2023-27836 Command Injection vulnerability in Tp-Link Tl-Wpa8630P Firmware 171011
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.
network
low complexity
tp-link CWE-77
critical
9.8
2023-06-13 CVE-2023-27837 Command Injection vulnerability in Tp-Link Tl-Wpa8630P Firmware 171011
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774.
network
low complexity
tp-link CWE-77
critical
9.8
2023-06-13 CVE-2023-33919 Command Injection vulnerability in Siemens Cpci85 Firmware
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05).
network
low complexity
siemens CWE-77
7.2
2023-06-12 CVE-2023-26294 Command Injection vulnerability in HP Device Manager
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
local
low complexity
hp CWE-77
7.8
2023-06-12 CVE-2023-26295 Command Injection vulnerability in HP Device Manager
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
network
low complexity
hp CWE-77
critical
9.8