Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-04-04 CVE-2023-3454 OS Command Injection vulnerability in Broadcom Fabric Operating System
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.
network
low complexity
broadcom CWE-78
critical
9.8
2024-04-02 CVE-2024-2389 OS Command Injection vulnerability in Progress Flowmon
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
network
low complexity
progress CWE-78
critical
9.8
2024-03-22 CVE-2024-29185 OS Command Injection vulnerability in Freescout
FreeScout is a self-hosted help desk and shared mailbox.
network
high complexity
freescout CWE-78
critical
9.0
2024-03-22 CVE-2024-2448 OS Command Injection vulnerability in Progress Loadmaster 7.1.35.10/7.2.48.10
An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
network
low complexity
progress CWE-78
8.8
2024-03-15 CVE-2023-51699 OS Command Injection vulnerability in Linuxfoundation Fluid
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications.
local
low complexity
linuxfoundation CWE-78
6.0
2024-03-11 CVE-2024-28187 OS Command Injection vulnerability in Saitodev SOY CMS 1.8.15/3.14.0/3.14.1
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops.
network
low complexity
saitodev CWE-78
7.2
2024-02-23 CVE-2024-1683 OS Command Injection vulnerability in Tenable Identity Exposure
A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.
local
low complexity
tenable CWE-78
7.3
2024-02-22 CVE-2023-51450 OS Command Injection vulnerability in Basercms
baserCMS is a website development framework.
network
high complexity
basercms CWE-78
8.1
2024-02-21 CVE-2024-1212 OS Command Injection vulnerability in Progress Loadmaster
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
network
low complexity
progress CWE-78
critical
9.8
2024-02-20 CVE-2024-1297 OS Command Injection vulnerability in Loomio 2.22.0
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
network
low complexity
loomio CWE-78
critical
9.8