Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-24193 OS Command Injection vulnerability in Icewhale Casaos
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.
network
low complexity
icewhale CWE-78
critical
9.8
2022-03-06 CVE-2021-46704 OS Command Injection vulnerability in Genieacs
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts).
network
low complexity
genieacs CWE-78
critical
9.8
2022-03-04 CVE-2021-44827 OS Command Injection vulnerability in Tp-Link Archer C20I Firmware
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.
network
low complexity
tp-link CWE-78
8.8
2022-03-04 CVE-2022-0848 OS Command Injection vulnerability in Part-Db Project Part-Db
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.
network
low complexity
part-db-project CWE-78
critical
9.8
2022-03-03 CVE-2022-24725 OS Command Injection vulnerability in Shescape Project Shescape 1.4.0/1.5.0
Shescape is a shell escape package for JavaScript.
local
low complexity
shescape-project CWE-78
5.5
2022-03-03 CVE-2022-0841 OS Command Injection vulnerability in Npm-Lockfile Project Npm-Lockfile 2.0.3/2.0.4
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
network
low complexity
npm-lockfile-project CWE-78
critical
9.8
2022-03-02 CVE-2022-22301 OS Command Injection vulnerability in Fortinet Fortiap-C
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.
local
low complexity
fortinet CWE-78
7.8
2022-03-01 CVE-2021-43075 OS Command Injection vulnerability in Fortinet Fortiwlm
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.
network
low complexity
fortinet CWE-78
8.8
2022-03-01 CVE-2021-4039 OS Command Injection vulnerability in Zyxel Nwa1100-Nh Firmware
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
network
low complexity
zyxel CWE-78
critical
9.8
2022-03-01 CVE-2020-12775 OS Command Injection vulnerability in Moica Hicos
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs.
network
low complexity
moica CWE-78
critical
9.8