Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2021-38120 Command Injection vulnerability in Microfocus Netiq Advanced Authentication
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters.
network
low complexity
microfocus CWE-77
7.2
2024-08-27 CVE-2024-8212 Command Injection vulnerability in Dlink products
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814.
network
low complexity
dlink CWE-77
critical
9.8
2024-08-26 CVE-2023-26315 Command Injection vulnerability in MI Ax9000 Firmware
The Xiaomi router AX9000 has a post-authentication command injection vulnerability.
network
low complexity
mi CWE-77
8.8
2024-08-26 CVE-2024-8073 Command Injection vulnerability in Hillstonenet web Application Firewall 5.5R62.6.7/5.5R62.8.13
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
network
low complexity
hillstonenet CWE-77
critical
9.8
2024-08-22 CVE-2024-7110 Command Injection vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
network
high complexity
gitlab CWE-77
6.4
2024-08-19 CVE-2024-7922 Command Injection vulnerability in Dell products
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical.
network
low complexity
dell CWE-77
critical
9.8
2024-08-18 CVE-2024-7907 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719.
network
low complexity
totolink CWE-77
critical
9.8
2024-08-15 CVE-2024-7833 Command Injection vulnerability in Dlink Di-8100 Firmware 16.07
A vulnerability was found in D-Link DI-8100 16.07.
network
low complexity
dlink CWE-77
critical
9.8
2024-08-14 CVE-2024-42360 Command Injection vulnerability in Wurmlab Sequenceserver
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use.
network
low complexity
wurmlab CWE-77
critical
9.8
2024-08-14 CVE-2024-5914 Command Injection vulnerability in Paloaltonetworks Cortex Xsoar Commonscripts
A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
network
low complexity
paloaltonetworks CWE-77
critical
9.8