VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-09-11
CVE-2024-6091
OS Command Injection vulnerability in Agpt Autogpt 0.5.1
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings.
network
low complexity
agpt
CWE-78
critical
9.8
9.8
2024-09-10
CVE-2024-8190
OS Command Injection vulnerability in Ivanti Cloud Services Appliance 4.6
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution.
network
low complexity
ivanti
CWE-78
7.2
7.2
2024-09-10
CVE-2024-43385
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.
network
low complexity
CWE-78
8.8
8.8
2024-09-10
CVE-2024-43387
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.
network
low complexity
CWE-78
8.8
8.8
2024-09-10
CVE-2024-7699
An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
network
low complexity
CWE-78
8.8
8.8
2024-09-10
CVE-2024-6342
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
network
low complexity
CWE-78
critical
9.8
9.8
2024-09-08
CVE-2024-8574
OS Command Injection vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical.
network
low complexity
totolink
CWE-78
8.8
8.8
2024-09-06
CVE-2024-44844
OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
network
low complexity
draytek
CWE-78
8.8
8.8
2024-09-06
CVE-2024-44845
OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
network
low complexity
draytek
CWE-78
8.8
8.8
2024-09-06
CVE-2023-34974
OS Command Injection vulnerability in Qnap QTS and Quts Hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap
CWE-78
8.8
8.8
«
1
(current)
2
3
4
5
...
310
311
»
Next