Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-10-09 CVE-2024-9463 OS Command Injection vulnerability in Paloaltonetworks Expedition
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
network
low complexity
paloaltonetworks CWE-78
7.5
2024-10-09 CVE-2024-9464 OS Command Injection vulnerability in Paloaltonetworks Expedition
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
network
low complexity
paloaltonetworks CWE-78
6.5
2024-10-08 CVE-2024-9380 OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
network
low complexity
ivanti CWE-78
7.2
2024-10-08 CVE-2024-8926 OS Command Injection vulnerability in PHP-Fpm
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved.
network
low complexity
php-fpm CWE-78
8.8
2024-10-04 CVE-2024-9054 OS Command Injection vulnerability in Microchip Timeprovider 4100 Firmware
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
network
low complexity
microchip CWE-78
8.8
2024-10-01 CVE-2024-47608 OS Command Injection vulnerability in Definetlynotai Logicytics
Logicytics is designed to harvest and collect data for forensic analysis.
network
low complexity
definetlynotai CWE-78
critical
9.8
2024-09-28 CVE-2024-23924 OS Command Injection vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000
Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability.
low complexity
alpsalpine CWE-78
6.8
2024-09-28 CVE-2024-23961 OS Command Injection vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000
Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability.
low complexity
alpsalpine CWE-78
6.8
2024-09-26 CVE-2024-46628 OS Command Injection vulnerability in Tendacn G3 Firmware 15.03.05.05
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
network
low complexity
tendacn CWE-78
critical
9.8
2024-09-22 CVE-2024-9076 OS Command Injection vulnerability in Dedecms
A vulnerability was found in DedeCMS up to 5.7.115.
network
low complexity
dedecms CWE-78
8.8