Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-08 | CVE-2024-9380 | OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | 7.2 |
| 2024-10-08 | CVE-2024-8926 | OS Command Injection vulnerability in PHP-Fpm In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. | 8.8 |
| 2024-10-04 | CVE-2024-9054 | OS Command Injection vulnerability in Microchip Timeprovider 4100 Firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 8.8 |
| 2024-10-01 | CVE-2024-47608 | OS Command Injection vulnerability in Definetlynotai Logicytics Logicytics is designed to harvest and collect data for forensic analysis. | 9.8 |
| 2024-09-28 | CVE-2024-23924 | OS Command Injection vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000 Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. | 6.8 |
| 2024-09-28 | CVE-2024-23961 | OS Command Injection vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000 Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. | 6.8 |
| 2024-09-26 | CVE-2024-46628 | OS Command Injection vulnerability in Tendacn G3 Firmware 15.03.05.05 Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | 9.8 |
| 2024-09-22 | CVE-2024-9076 | OS Command Injection vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.115. | 8.8 |
| 2024-09-19 | CVE-2024-9004 | OS Command Injection vulnerability in Dlink Dar-7000 Firmware A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. | 9.8 |
| 2024-09-19 | CVE-2024-9001 | OS Command Injection vulnerability in Totolink T10 Firmware 4.1.8Cu.5207 A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. | 8.8 |