Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-4797 | Command Injection vulnerability in Tribulant Newsletters The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. | 7.2 |
| 2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |
| 2024-01-11 | CVE-2024-22198 | Command Injection vulnerability in Nginxui Nginx UI Nginx-UI is a web interface to manage Nginx configurations. | 8.8 |
| 2024-01-11 | CVE-2024-22197 | Command Injection vulnerability in Nginxui Nginx UI Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. | 8.8 |
| 2024-01-11 | CVE-2023-52027 | Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513 TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | 9.8 |
| 2024-01-11 | CVE-2023-6634 | Command Injection vulnerability in Thimpress Learnpress The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. | 9.8 |
| 2024-01-10 | CVE-2023-51126 | Command Injection vulnerability in Flir AX8 Firmware Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. | 9.8 |
| 2024-01-10 | CVE-2023-51972 | Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. | 9.8 |
| 2024-01-09 | CVE-2023-49237 | Command Injection vulnerability in Trendnet Tv-Ip1314Pi Firmware 5.5.3 An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. | 9.8 |
| 2024-01-09 | CVE-2024-21663 | Command Injection vulnerability in Demon1A Discord-Recon Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. | 8.8 |