Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-51378 | OS Command Injection vulnerability in Cyberpanel getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |
| 2024-10-29 | CVE-2024-22065 | OS Command Injection vulnerability in ZTE Mf258K PRO Firmware 1.0.0B03 There is a command injection vulnerability in ZTE MF258 Pro product. | 8.8 |
| 2024-10-25 | CVE-2024-37845 | OS Command Injection vulnerability in Radixiot Mango MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. | 7.2 |
| 2024-10-23 | CVE-2024-48963 | OS Command Injection vulnerability in Snyk CLI The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. | 9.8 |
| 2024-10-23 | CVE-2024-20424 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. | 9.9 |
| 2024-10-23 | CVE-2024-47901 | OS Command Injection vulnerability in Siemens products A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). | 9.8 |
| 2024-10-21 | CVE-2024-10202 | OS Command Injection vulnerability in Wellchoose Administrative Management System Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 8.8 |
| 2024-10-18 | CVE-2024-10119 | OS Command Injection vulnerability in ZTE Wrtm326 Firmware The wireless router WRTM326 from SECOM does not properly validate a specific parameter. | 9.8 |
| 2024-10-18 | CVE-2024-10118 | SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. | 9.8 |
| 2024-10-17 | CVE-2005-10003 | OS Command Injection vulnerability in Mikexstudios Xcomic A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. | 9.8 |