Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-3767 OS Command Injection vulnerability in Easyphp Webserver 14.1
An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1.
network
low complexity
easyphp CWE-78
critical
9.8
2023-09-25 CVE-2023-40581 OS Command Injection vulnerability in Yt-Dlp Project Yt-Dlp
yt-dlp is a youtube-dl fork with additional features and fixes.
local
low complexity
yt-dlp-project CWE-78
7.8
2023-09-22 CVE-2023-43129 OS Command Injection vulnerability in Dlink Dir-806 Firmware 100Cnb11
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.
network
low complexity
dlink CWE-78
critical
9.8
2023-09-22 CVE-2023-43130 OS Command Injection vulnerability in Dlink Dir-806 Firmware 100Cnb11
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.
network
low complexity
dlink CWE-78
critical
9.8
2023-09-22 CVE-2022-3874 OS Command Injection vulnerability in multiple products
A command injection flaw was found in foreman.
network
low complexity
redhat theforeman CWE-78
critical
9.1
2023-09-22 CVE-2023-23362 OS Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud
An OS command injection vulnerability has been reported to affect QNAP operating systems.
network
low complexity
qnap CWE-78
8.8
2023-09-20 CVE-2023-0118 OS Command Injection vulnerability in multiple products
An arbitrary code execution flaw was found in Foreman.
network
low complexity
theforeman redhat CWE-78
critical
9.1
2023-09-19 CVE-2022-47555 OS Command Injection vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware
** UNSUPPPORTED WHEN ASSIGNED ** Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.
network
low complexity
ormazabal CWE-78
8.8
2023-09-18 CVE-2023-35850 OS Command Injection vulnerability in Sun.Net Wmpro 5.0
SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input.
network
low complexity
sun-net CWE-78
7.2
2023-09-15 CVE-2023-28614 OS Command Injection vulnerability in Freewillsolutions Smart Trade 20.01.01.04
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.
network
low complexity
freewillsolutions CWE-78
critical
9.8