Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-06-28 CVE-2024-39351 OS Command Injection vulnerability in Synology Bc500 Firmware and Tc500 Firmware
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration.
network
low complexity
synology CWE-78
7.2
2024-06-24 CVE-2024-4748 OS Command Injection vulnerability in J11G Cruddiy
The CRUDDIY project is vulnerable to shell command injection by sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally.
local
low complexity
j11g CWE-78
7.8
2024-06-24 CVE-2024-37091 OS Command Injection vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.
network
low complexity
stylemixthemes CWE-78
8.8
2024-06-24 CVE-2024-3121 OS Command Injection vulnerability in Lollms 5.9.0
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0.
local
low complexity
lollms CWE-78
3.3
2024-06-09 CVE-2024-4577 OS Command Injection vulnerability in multiple products
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions.
network
low complexity
php fedoraproject CWE-78
critical
9.8
2024-05-23 CVE-2024-5295 OS Command Injection vulnerability in Dlink G416 Firmware 1.08B02
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability.
low complexity
dlink CWE-78
8.8
2024-05-16 CVE-2024-30314 OS Command Injection vulnerability in Adobe Dreamweaver
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker.
local
low complexity
adobe CWE-78
7.8
2024-05-03 CVE-2023-50198 OS Command Injection vulnerability in Dlink G416 Firmware 1.08B02
D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability.
low complexity
dlink CWE-78
8.8
2024-05-03 CVE-2023-50200 OS Command Injection vulnerability in Dlink G416 Firmware 1.08B02
D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability.
low complexity
dlink CWE-78
8.8
2024-05-03 CVE-2023-50201 OS Command Injection vulnerability in Dlink G416 Firmware 1.08B02
D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability.
low complexity
dlink CWE-78
8.8