Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-14 | CVE-2024-35519 | Command Injection vulnerability in Netgear Ex3700 Firmware, Ex6100 Firmware and Ex6120 Firmware Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | 6.8 |
| 2024-10-14 | CVE-2024-35520 | Command Injection vulnerability in Netgear R7000 Firmware 1.0.11.136 Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. | 6.8 |
| 2024-10-11 | CVE-2024-35517 | Command Injection vulnerability in Netgear Xr1000 Firmware 1.0.0.64 Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. | 7.2 |
| 2024-10-11 | CVE-2024-35522 | Command Injection vulnerability in Netgear Ex3700 Firmware Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. | 7.2 |
| 2024-10-09 | CVE-2024-7840 | Command Injection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 7.8 |
| 2024-10-09 | CVE-2024-39436 | Command Injection vulnerability in Google Android 13.0/14.0 In linkturbonative service, there is a possible command injection due to improper input validation. | 6.7 |
| 2024-10-09 | CVE-2024-39437 | Command Injection vulnerability in Google Android 13.0/14.0 In linkturbonative service, there is a possible command injection due to improper input validation. | 6.7 |
| 2024-10-09 | CVE-2024-39438 | Command Injection vulnerability in Google Android 13.0/14.0 In linkturbonative service, there is a possible command injection due to improper input validation. | 6.7 |
| 2024-10-08 | CVE-2024-47562 | Command Injection vulnerability in Siemens Sinec Security Monitor A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). | 8.8 |
| 2024-10-02 | CVE-2024-20365 | Command Injection vulnerability in Cisco Unified Computing System A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. | 7.2 |