Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-03 | CVE-2023-52310 | OS Command Injection vulnerability in Paddlepaddle PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. | 9.8 |
| 2024-01-03 | CVE-2023-52311 | OS Command Injection vulnerability in Paddlepaddle PaddlePaddle before 2.6.0 has a command injection in _wget_download. | 9.8 |
| 2024-01-03 | CVE-2023-52314 | OS Command Injection vulnerability in Paddlepaddle PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. | 9.8 |
| 2024-01-01 | CVE-2023-50094 | OS Command Injection vulnerability in Yogeshojha Rengine reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. | 8.8 |
| 2023-12-30 | CVE-2023-50651 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | 9.8 |
| 2023-12-29 | CVE-2023-4464 | OS Command Injection vulnerability in Poly products A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. | 7.2 |
| 2023-12-28 | CVE-2023-50445 | OS Command Injection vulnerability in Gl-Inet products Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | 7.8 |
| 2023-12-27 | CVE-2023-7116 | OS Command Injection vulnerability in Datax-Web Project Datax-Web 2.1.2 A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. | 9.8 |
| 2023-12-26 | CVE-2023-51094 | OS Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | 9.8 |
| 2023-12-26 | CVE-2023-51098 | OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . | 9.8 |