Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-7700 Command Injection vulnerability in Theforeman Foreman
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page.
local
low complexity
theforeman CWE-77
6.5
2024-08-12 CVE-2024-22122 Command Injection vulnerability in Zabbix
Zabbix allows to configure SMS notifications.
network
low complexity
zabbix CWE-77
critical
9.1
2024-08-12 CVE-2024-37023 Command Injection vulnerability in Vonets products
Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.
network
low complexity
vonets CWE-77
critical
9.9
2024-08-12 CVE-2024-7616 Command Injection vulnerability in Edimax Ic-5150W Firmware and Ic-6220Dc Firmware
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06.
network
low complexity
edimax CWE-77
critical
9.8
2024-08-08 CVE-2024-3659 Command Injection vulnerability in Kaongroup Ar2140 Firmware
Firmware in KAON AR2140 routers prior to version 4.2.16 is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router.
network
low complexity
kaongroup CWE-77
7.2
2024-08-06 CVE-2024-28739 Command Injection vulnerability in Koha
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter.
network
low complexity
koha CWE-77
7.2
2024-08-05 CVE-2024-7464 Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566
A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566.
network
low complexity
totolink CWE-77
critical
9.8
2024-08-03 CVE-2024-7443 Command Injection vulnerability in Vivotek Ib8367A Firmware
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b.
network
low complexity
vivotek CWE-77
critical
9.8
2024-08-03 CVE-2024-7442 Command Injection vulnerability in Vivotek Sd9364 Firmware
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f.
network
low complexity
vivotek CWE-77
critical
9.8
2024-08-03 CVE-2024-7440 Command Injection vulnerability in Vivotek Cc8160 Firmware
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d.
network
low complexity
vivotek CWE-77
critical
9.8