Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-20399 OS Command Injection vulnerability in Cisco NX-OS
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands.
local
low complexity
cisco CWE-78
6.7
2024-06-24 CVE-2024-4748 OS Command Injection vulnerability in J11G CRUDDIY
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally.
local
low complexity
j11g CWE-78
7.8
2024-06-24 CVE-2024-37091 OS Command Injection vulnerability in StylemixThemes Consulting Elementor Widgets
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.
network
low complexity
stylemixthemes CWE-78
8.8
2024-06-24 CVE-2024-3121 OS Command Injection vulnerability in Lollms 5.9.0
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0.
local
low complexity
lollms CWE-78
3.3
2024-06-09 CVE-2024-4577 OS Command Injection vulnerability in multiple products
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions.
network
low complexity
php fedoraproject CWE-78
critical
9.8
2024-05-16 CVE-2024-30314 OS Command Injection vulnerability in Adobe Dreamweaver
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker.
local
low complexity
adobe CWE-78
7.8
2024-05-03 CVE-2023-51625 OS Command Injection vulnerability in D-Link DCS-8300LHV2 Firmware
D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability.
low complexity
dlink CWE-78
8.0
2024-05-03 CVE-2023-40479 OS Command Injection vulnerability in NETGEAR RAX30 Firmware
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability.
low complexity
netgear CWE-78
8.8
2024-05-03 CVE-2023-40480 OS Command Injection vulnerability in NETGEAR RAX30 Firmware
NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability.
low complexity
netgear CWE-78
8.8
2024-05-03 CVE-2023-27356 OS Command Injection vulnerability in NETGEAR RAX30 Firmware and RAXE300 Firmware
NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability.
low complexity
netgear CWE-78
8.0