Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-24 | CVE-2023-27848 | Command Injection vulnerability in Broccoli-Compass Project Broccoli-Compass 0.2.4 broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 |
| 2023-04-24 | CVE-2023-27849 | Command Injection vulnerability in Rails-Routes-To-Json Project Rails-Routes-To-Json 1.0.0 rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 |
| 2023-04-24 | CVE-2023-29566 | Command Injection vulnerability in multiple products huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 |
| 2023-04-24 | CVE-2023-22913 | Command Injection vulnerability in Zyxel products A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device. | 8.1 |
| 2023-04-20 | CVE-2023-20865 | Command Injection vulnerability in VMWare Aria Operations for Logs and Cloud Foundation VMware Aria Operations for Logs contains a command injection vulnerability. | 7.2 |
| 2023-04-18 | CVE-2023-29855 | Command Injection vulnerability in Wbce CMS 1.5.3 WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | 7.2 |
| 2023-04-18 | CVE-2022-46640 | Command Injection vulnerability in Nanoleaf Desktop Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. | 9.8 |
| 2023-04-16 | CVE-2022-37704 | Command Injection vulnerability in Zmanda Amanda 3.5.1 Amanda 3.5.1 allows privilege escalation from the regular user backup to root. | 6.7 |
| 2023-04-16 | CVE-2019-14944 | Command Injection vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. | 6.5 |
| 2023-04-14 | CVE-2023-30535 | Command Injection vulnerability in Snowflake Jdbc Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. | 8.8 |