Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-23 | CVE-2024-0005 | Command Injection vulnerability in Purestorage Purity//Fa A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | 8.8 |
| 2024-09-23 | CVE-2024-45348 | Command Injection vulnerability in MI Ax9000 Firmware Xiaomi Router AX9000 has a post-authorization command injection vulnerability. | 8.8 |
| 2024-09-22 | CVE-2024-9076 | Command Injection vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.115. | 8.8 |
| 2024-09-13 | CVE-2024-42025 | Command Injection vulnerability in UI Unifi Network Application A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | 7.8 |
| 2024-09-13 | CVE-2024-46048 | Command Injection vulnerability in Tenda Fh451 Firmware 1.0.0.9 Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | 9.8 |
| 2024-09-12 | CVE-2024-8640 | Command Injection vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. | 8.8 |
| 2024-09-12 | CVE-2024-45824 | Command Injection vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. | 9.8 |
| 2024-09-11 | CVE-2024-44466 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. | 9.8 |
| 2024-09-10 | CVE-2023-36103 | Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.20 Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | 9.8 |
| 2024-09-10 | CVE-2024-33508 | Command Injection vulnerability in Fortinet Forticlient Enterprise Management Server An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. | 7.3 |