Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-27 | CVE-2023-6304 | OS Command Injection vulnerability in Tecno-Mobile Tr118 Firmware Tr118M30Errdenfrarswhapoopv00820220830 A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. | 8.0 |
| 2023-11-21 | CVE-2023-4149 | OS Command Injection vulnerability in Wago products A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. | 9.8 |
| 2023-11-20 | CVE-2023-35762 | OS Command Injection vulnerability in Inea ME RTU Firmware 3.36/3.36B Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. | 9.8 |
| 2023-11-17 | CVE-2023-47675 | OS Command Injection vulnerability in Cubecart CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 7.2 |
| 2023-11-16 | CVE-2023-6019 | OS Command Injection vulnerability in RAY Project RAY A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. | 9.8 |
| 2023-11-16 | CVE-2023-6018 | OS Command Injection vulnerability in Lfprojects Mlflow An attacker can overwrite any file on the server hosting MLflow without any authentication. | 9.8 |
| 2023-11-16 | CVE-2023-43752 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | 8.0 |
| 2023-11-14 | CVE-2023-36553 | OS Command Injection vulnerability in Fortinet Fortisiem A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 9.8 |
| 2023-11-13 | CVE-2023-5037 | OS Command Injection vulnerability in Hanwhavision products badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. | 7.2 |
| 2023-11-10 | CVE-2023-39295 | OS Command Injection vulnerability in Qnap Qumagie An OS command injection vulnerability has been reported to affect QuMagie. | 8.8 |