Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-08-05 CVE-2024-7468 OS Command Injection vulnerability in Raisecom products
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90.
network
low complexity
raisecom CWE-78
critical
9.8
2024-08-02 CVE-2024-38887 OS Command Injection vulnerability in Horizoncloud Caterease
An issue in Horizon Business Services Inc.
network
low complexity
horizoncloud CWE-78
critical
9.8
2024-08-02 CVE-2024-33896 OS Command Injection vulnerability in Hms-Networks Ewon Cosy+ Firmware
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting.
network
low complexity
hms-networks CWE-78
7.2
2024-07-28 CVE-2024-7171 OS Command Injection vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102
A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102.
network
low complexity
totolink CWE-78
8.8
2024-07-26 CVE-2024-41815 OS Command Injection vulnerability in Starship
Starship is a cross-shell prompt.
local
high complexity
starship CWE-78
7.0
2024-07-25 CVE-2024-24622 OS Command Injection vulnerability in Softaculous Webuzo
Softaculous Webuzo contains a command injection in the password reset functionality.
network
low complexity
softaculous CWE-78
8.8
2024-07-25 CVE-2024-24623 OS Command Injection vulnerability in Softaculous Webuzo
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality.
network
low complexity
softaculous CWE-78
8.8
2024-07-25 CVE-2024-41468 OS Command Injection vulnerability in Tendacn Fh1201 Firmware 1.2.0.14
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand
network
low complexity
tendacn CWE-78
critical
9.8
2024-07-25 CVE-2024-41473 OS Command Injection vulnerability in Tendacn Fh1201 Firmware 1.2.0.14
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac
network
low complexity
tendacn CWE-78
critical
9.8
2024-07-24 CVE-2024-41136 OS Command Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface.
network
low complexity
arubanetworks CWE-78
8.8