Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-09-25 | CVE-2024-45066 | Command Injection vulnerability in Doverfuelingsolutions products | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | network | low complexity | doverfuelingsolutions | CWE-77 | critical 9.8 |
| 2024-09-23 | CVE-2024-0005 | Command Injection vulnerability in Purestorage Purity//Fa | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | network | low complexity | purestorage | CWE-77 | 8.8 |
| 2024-09-23 | CVE-2024-45348 | Command Injection vulnerability in MI Ax9000 Firmware | Xiaomi Router AX9000 has a post-authorization command injection vulnerability. | network | low complexity | mi | CWE-77 | 8.8 |
| 2024-09-22 | CVE-2024-9076 | Command Injection vulnerability in Dedecms | A vulnerability was found in DedeCMS up to 5.7.115. | network | low complexity | dedecms | CWE-77 | 8.8 |
| 2024-09-13 | CVE-2024-42025 | Command Injection vulnerability in UI Unifi Network Application | A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | local | low complexity | ui | CWE-77 | 7.8 |
| 2024-09-13 | CVE-2024-46048 | Command Injection vulnerability in Tenda Fh451 Firmware 1.0.0.9 | Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | network | low complexity | tenda | CWE-77 | critical 9.8 |
| 2024-09-12 | CVE-2024-8640 | Command Injection vulnerability in Gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. | network | low complexity | gitlab | CWE-77 | 8.8 |
| 2024-09-11 | CVE-2024-44466 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. | network | low complexity | comfast | CWE-77 | critical 9.8 |
| 2024-09-10 | CVE-2023-36103 | Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.20 | Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | network | low complexity | tenda | CWE-77 | critical 9.8 |
| 2024-09-10 | CVE-2024-33508 | Command Injection vulnerability in Fortinet Forticlient Enterprise Management Server | An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. | network | low complexity | fortinet | CWE-77 | 7.3 |