Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2022-43633 | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
| 2023-03-28 | CVE-2023-27394 | OS Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. | 9.8 |
| 2023-03-28 | CVE-2023-27886 | OS Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. | 9.8 |
| 2023-03-27 | CVE-2018-25083 | OS Command Injection vulnerability in Pull IT Project Pull IT The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. | 9.8 |
| 2023-03-24 | CVE-2022-28495 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | 9.8 |
| 2023-03-23 | CVE-2022-28491 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. | 9.8 |
| 2023-03-23 | CVE-2022-28494 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. | 9.8 |
| 2023-03-19 | CVE-2023-28617 | OS Command Injection vulnerability in GNU ORG Mode org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | 7.8 |
| 2023-03-16 | CVE-2023-25280 | OS Command Injection vulnerability in Dlink Dir820La1 Firmware 105B03 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. | 9.8 |
| 2023-03-14 | CVE-2023-28343 | OS Command Injection vulnerability in Apsystems Energy Communication Unit Firmware C1.2.5 OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. | 9.8 |