Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2024-0291 | Command Injection vulnerability in Totolink Lr1200Gb Firmware 9.1.0U.6619B20230130 A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. | 8.8 |
| 2024-01-05 | CVE-2023-47560 | Command Injection vulnerability in Qnap Qumagie 2.2.0 An OS command injection vulnerability has been reported to affect QuMagie. | 8.8 |
| 2023-12-29 | CVE-2023-52137 | Command Injection vulnerability in Tj-Actions Verify-Changed-Files The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. | 8.8 |
| 2023-12-27 | CVE-2023-51664 | Command Injection vulnerability in Tj-Actions Changed-Files tj-actions/changed-files is a Github action to retrieve all files and directories. | 9.8 |
| 2023-12-25 | CVE-2023-49226 | Command Injection vulnerability in Peplink Balance TWO Firmware 8.1.0 An issue was discovered in Peplink Balance Two before 8.4.0. | 7.2 |
| 2023-12-22 | CVE-2023-51016 | Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316 TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. | 9.8 |
| 2023-12-22 | CVE-2023-51707 | Command Injection vulnerability in Arraynetworks Arrayos AG MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. | 9.8 |
| 2023-12-20 | CVE-2023-50983 | Command Injection vulnerability in Tenda I29 Firmware 1.0.0.2/1.0.0.5 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. | 9.8 |
| 2023-12-20 | CVE-2023-50989 | Command Injection vulnerability in Tenda I29 Firmware 1.0.0.2/1.0.0.5 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. | 9.8 |
| 2023-12-19 | CVE-2023-6940 | Command Injection vulnerability in Lfprojects Mlflow with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | 8.8 |