Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2018-25083 | OS Command Injection vulnerability in Pull IT Project Pull IT The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. | 9.8 |
| 2023-03-24 | CVE-2022-28495 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | 9.8 |
| 2023-03-23 | CVE-2022-28491 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. | 9.8 |
| 2023-03-23 | CVE-2022-28494 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. | 9.8 |
| 2023-03-19 | CVE-2023-28617 | OS Command Injection vulnerability in GNU ORG Mode org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | 7.8 |
| 2023-03-16 | CVE-2023-25280 | OS Command Injection vulnerability in Dlink Dir820La1 Firmware 105B03 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. | 9.8 |
| 2023-03-14 | CVE-2023-28343 | OS Command Injection vulnerability in Apsystems Energy Communication Unit Firmware C1.2.5 OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. | 9.8 |
| 2023-03-13 | CVE-2023-25279 | OS Command Injection vulnerability in Dlink Dir-820L Firmware 105B03 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
| 2023-03-13 | CVE-2023-24762 | OS Command Injection vulnerability in Dlink Dir-867 Firmware 1.30B07 OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. | 9.8 |
| 2023-03-09 | CVE-2023-27985 | OS Command Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. | 7.8 |