Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-11-02 | CVE-2024-10697 | Command Injection vulnerability in Tenda AC6 Firmware 15.03.05.19 | A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. | network | low | tenda | CWE-77 | critical 9.8 |
| 2024-10-29 | CVE-2024-41153 | Command Injection vulnerability in Hitachienergy Tro610 Firmware, Tro620 Firmware and Tro670 Firmware | Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. | network | low | hitachienergy | CWE-77 | 7.2 |
| 2024-10-27 | CVE-2024-10428 | Command Injection vulnerability in Wavlink products | A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. | network | low | wavlink | CWE-77 | 7.2 |
| 2024-10-27 | CVE-2024-10429 | Command Injection vulnerability in Wavlink products | A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. | network | low | wavlink | CWE-77 | 7.2 |
| 2024-10-22 | CVE-2024-9287 | Command Injection vulnerability in Python | A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e., "source venv/bin/activate"). | local | low | python | CWE-77 | 7.8 |
| 2024-10-20 | CVE-2024-10193 | Command Injection vulnerability in Wavlink products | A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. | network | low | wavlink | CWE-77 | 7.2 |
| 2024-10-19 | CVE-2024-10131 | Command Injection vulnerability in Infiniflow Ragflow 0.11.0 | The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. | network | low | infiniflow | CWE-77 | 8.8 |
| 2024-10-18 | CVE-2024-9264 | Command Injection vulnerability in Grafana 11.0.0 | The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. | network | low | grafana | CWE-77 | 8.8 |
| 2024-10-14 | CVE-2024-35518 | Command Injection vulnerability in Netgear Ex6120 Firmware | Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. | | low | netgear | CWE-77 | 6.8 |
| 2024-10-14 | CVE-2024-35519 | Command Injection vulnerability in Netgear Ex3700 Firmware, Ex6100 Firmware and Ex6120 Firmware | Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | | low | netgear | CWE-77 | 6.8 |