Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2022-43623 | Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
| 2023-03-29 | CVE-2023-1685 | Command Injection vulnerability in Hadsky A vulnerability was found in HadSky up to 7.11.8. | 7.2 |
| 2023-03-29 | CVE-2023-23355 | Command Injection vulnerability in Qnap products An OS command injection vulnerability has been reported to affect QNAP operating systems. | 7.2 |
| 2023-03-28 | CVE-2023-27232 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. | 9.8 |
| 2023-03-28 | CVE-2023-27229 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. | 9.8 |
| 2023-03-28 | CVE-2023-27231 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. | 9.8 |
| 2023-03-28 | CVE-2023-28712 | Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. | 9.8 |
| 2023-03-27 | CVE-2023-26493 | Command Injection vulnerability in Cocos Cocos-Engine Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. | 8.8 |
| 2023-03-27 | CVE-2023-28430 | Command Injection vulnerability in Onesignal React-Native-Onesignal OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues (types: [closed]) (i.e., when an Issue is closed). | 8.1 |
| 2023-03-27 | CVE-2023-1141 | Command Injection vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | 8.8 |