Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-20731 OS Command Injection vulnerability in Buffalo WSR-1166DHP3 Firmware and WSR-1166DHP4 Firmware
WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.
low complexity
buffalo CWE-78
8.8
2021-06-08 CVE-2021-26472 OS Command Injection vulnerability in Vembu BDR Suite and Offsite DR
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php.
network
low complexity
vembu CWE-78
critical
9.8
2021-06-08 CVE-2021-32673 OS Command Injection vulnerability in Reg-Keygen-Git-Hash Project Reg-Keygen-Git-Hash
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compared with, using the Git commit hash.
network
low complexity
reg-keygen-git-hash-project CWE-78
critical
9.8
2021-06-03 CVE-2021-24023 OS Command Injection vulnerability in Fortinet FortiAI Firmware
An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
network
low complexity
fortinet CWE-78
8.8
2021-06-01 CVE-2021-22123 OS Command Injection vulnerability in Fortinet FortiWeb
An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.
network
low complexity
fortinet CWE-78
8.8
2021-06-01 CVE-2020-26670 OS Command Injection vulnerability in Bigtreecms BigTree CMS
A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
network
low complexity
bigtreecms CWE-78
8.8
2021-06-01 CVE-2021-24312 OS Command Injection vulnerability in Automattic WP Super Cache
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'.
network
low complexity
automattic CWE-78
7.2
2021-06-01 CVE-2021-3515 OS Command Injection vulnerability in 2ndQuadrant pglogical
A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26.
local
low complexity
2ndquadrant CWE-78
6.7
2021-05-27 CVE-2021-20026 OS Command Injection vulnerability in SonicWall Network Security Manager 2.2.0
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request.
network
low complexity
sonicwall CWE-78
8.8
2021-05-25 CVE-2021-30187 OS Command Injection vulnerability in CODESYS Runtime Toolkit 2.4.7.54
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
local
low complexity
codesys CWE-78
5.3