Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-03-23 | CVE-2023-27078 | Command Injection vulnerability in Tp-Link Tl-Mr3020 Firmware 1.0 | A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. | network | low complexity | tp-link | CWE-77 | critical 9.8 |
| 2023-03-23 | CVE-2023-27135 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. | network | low complexity | totolink | CWE-77 | critical 9.8 |
| 2023-03-23 | CVE-2023-27079 | Command Injection vulnerability in Tenda G103 Firmware 1.0.05 | Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package. | network | low complexity | tenda | CWE-77 | 7.5 |
| 2023-03-22 | CVE-2023-27224 | Command Injection vulnerability in Jc21 Nginx Proxy Manager 2.9.19 | An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. | network | low complexity | jc21 | CWE-77 | critical 9.8 |
| 2023-03-20 | CVE-2023-28425 | Command Injection vulnerability in Redis 7.0.8/7.0.9 | Redis is an in-memory database that persists on disk. | local | low complexity | redis | CWE-77 | 5.5 |
| 2023-03-20 | CVE-2015-10096 | Command Injection vulnerability in IRC Twitter Announcer BOT Project IRC Twitter Announcer BOT 1.0.0 | A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. | network | high complexity | irc-twitter-announcer-bot-project | CWE-77 | 8.1 |
| 2023-03-16 | CVE-2023-28110 | Command Injection vulnerability in Fit2Cloud Jumpserver and Koko | Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. | network | low complexity | fit2cloud | CWE-77 | critical 9.9 |
| 2023-03-16 | CVE-2022-4009 | Command Injection vulnerability in Octopus Server | In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation | network | low complexity | octopus | CWE-77 | 8.8 |
| 2023-03-15 | CVE-2023-1389 | Command Injection vulnerability in Tp-Link Archer Ax21 Firmware | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. | | low complexity | tp-link | CWE-77 | 8.8 |
| 2023-03-15 | CVE-2023-28460 | Command Injection vulnerability in Arraynetworks Array OS | A command injection vulnerability was discovered in Array Networks APV products. | network | low complexity | arraynetworks | CWE-77 | 7.2 |