Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-08-26 CVE-2021-27944 Command Injection vulnerability in Vizio E50X-E1 Firmware and P65-F1 Firmware
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution.
network
low complexity
vizio CWE-77
critical
10.0
2021-08-25 CVE-2021-1580 Command Injection vulnerability in Cisco Application Policy Infrastructure Controller
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system.
network
low complexity
cisco CWE-77
7.2
2021-08-24 CVE-2021-39509 Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210. The HTTP request parameter is used in the handler function of the /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.
network
low complexity
dlink CWE-77
7.5
2021-08-24 CVE-2021-39510 Command Injection vulnerability in Dlink Dir-816 Firmware 101Cnb04
An issue was discovered in the D-Link DIR816_A1_FW101CNB04 750m11ac wireless router. The HTTP request parameter is used in the handler function of the /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.
network
low complexity
dlink CWE-77
7.5
2021-08-24 CVE-2021-38556 Command Injection vulnerability in Raspap 2.6.6
includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.
network
low complexity
raspap CWE-77
8.8
2021-08-24 CVE-2021-38611 Command Injection vulnerability in Nascent Remkon Device Manager 4.0.0.0
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.
network
low complexity
nascent CWE-77
critical
10.0
2021-08-20 CVE-2020-18885 Command Injection vulnerability in PHPmywind 5.6
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
network
low complexity
phpmywind CWE-77
6.5
2021-08-17 CVE-2020-15955 Command Injection vulnerability in Fehcom S/Qmail
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail.
network
fehcom CWE-77
4.3
2021-08-17 CVE-2020-29548 Command Injection vulnerability in Smartertools Smartermail
An issue was discovered in SmarterTools SmarterMail through 100.0.7537.
6.8
2021-08-17 CVE-2021-32830 Command Injection vulnerability in Haikuforteams Diez
The @diez/generation npm package is a client for Diez.
local
high complexity
haikuforteams CWE-77
7.0