Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-06-17 CVE-2024-6047 Certain EOL GeoVision devices fail to properly filter user input for the specific functionality.
network
low complexity
CWE-78
critical
9.8
2024-06-17 CVE-2024-6046 SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality.
network
low complexity
CWE-78
critical
9.8
2024-06-09 CVE-2024-4577 OS Command Injection vulnerability in PHP
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions.
network
low complexity
php CWE-78
critical
9.8
2024-06-06 CVE-2024-36394 OS Command Injection vulnerability in Sysaid
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
network
low complexity
sysaid CWE-78
critical
9.8
2024-06-04 CVE-2024-29972 ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
network
low complexity
CWE-78
critical
9.8
2024-06-04 CVE-2024-29973 ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
network
low complexity
CWE-78
critical
9.8
2024-05-27 CVE-2024-5403 ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server.
network
low complexity
CWE-78
7.2
2024-05-27 CVE-2024-5400 Openfind Mail2000 does not properly filter parameters of specific CGI.
network
low complexity
CWE-78
8.8
2024-05-27 CVE-2024-5399 Openfind Mail2000 does not properly filter parameters of specific API.
network
low complexity
CWE-78
7.2
2024-05-16 CVE-2024-30314 Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker.
local
low complexity
CWE-78
8.2