Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-01-16 CVE-2025-0457 The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.
network
low complexity
CWE-78
8.8
8.8
2025-01-06 CVE-2024-12970 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus OS My Computer: before 0.7.2.
low complexity
CWE-78
3.9
3.9
2024-12-30 CVE-2024-54181 IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code.
network
low complexity
CWE-78
7.2
7.2
2024-12-20 CVE-2024-28767 IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
low complexity
CWE-78
6.8
6.8
2024-12-20 CVE-2024-12829 OS Command Injection vulnerability in Arista NG Firewall 17.1.1
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability.
network
low complexity
arista CWE-78
8.8
8.8
2024-12-18 CVE-2024-12686 OS Command Injection vulnerability in Beyondtrust Remote Support
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
network
low complexity
beyondtrust CWE-78
7.2
7.2
2024-12-09 CVE-2024-12358 OS Command Injection vulnerability in Datax-Web Project Datax-Web 2.1.1
A vulnerability was found in WeiYe-Jing datax-web 2.1.1.
network
low complexity
datax-web-project CWE-78
8.8
8.8
2024-12-07 CVE-2024-47115 IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.
local
low complexity
CWE-78
7.8
7.8
2024-12-04 CVE-2024-51465 IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
CWE-78
8.8
8.8
2024-11-29 CVE-2024-49803 IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
CWE-78
critical
 9.8
9.8