Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-24 | CVE-2024-3121 | OS Command Injection vulnerability in Lollms 5.9.0. A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. | 3.3 |
2024-06-20 | CVE-2024-6185 | OS Command Injection vulnerability in Ruijie Rg-Uac Firmware 1.0. A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. | 8.8 |
2024-06-17 | CVE-2024-6047 | Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. | 9.8 |
2024-06-09 | CVE-2024-4577 | OS Command Injection vulnerability in multiple products. In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. | 9.8 |
2024-06-06 | CVE-2024-1880 | OS Command Injection vulnerability in Agpt Autogpt. An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. | 7.8 |
2024-06-06 | CVE-2024-1881 | OS Command Injection vulnerability in Agpt Autogpt 0.5.0. AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. | 9.8 |
2024-06-06 | CVE-2024-2359 | OS Command Injection vulnerability in Lollms web UI 9.3. A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. | 9.8 |
2024-06-06 | CVE-2024-3104 | OS Command Injection vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. | 9.8 |
2024-06-06 | CVE-2024-36394 | OS Command Injection vulnerability in Sysaid SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 |
2024-06-04 | CVE-2024-29972 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | 9.8 |