Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2018-25083 | OS Command Injection vulnerability in Pull IT Project Pull IT The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. | 9.8 |
| 2023-03-24 | CVE-2022-28495 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | 9.8 |
| 2023-03-23 | CVE-2022-28491 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. | 9.8 |
| 2023-03-23 | CVE-2022-28494 | OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. | 9.8 |
| 2023-03-21 | CVE-2022-37337 | OS Command Injection vulnerability in Netgear Rbs750 Firmware 4.6.8.5 A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. | 8.8 |
| 2023-03-19 | CVE-2023-28617 | OS Command Injection vulnerability in GNU ORG Mode org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | 7.8 |
| 2023-03-16 | CVE-2023-25280 | OS Command Injection vulnerability in Dlink Dir820La1 Firmware 105B03 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. | 9.8 |
| 2023-03-14 | CVE-2023-28343 | OS Command Injection vulnerability in Apsystems Energy Communication Unit Firmware C1.2.5 OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. | 9.8 |
| 2023-03-14 | CVE-2023-25617 | OS Command Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. | 8.8 |
| 2023-03-13 | CVE-2023-25279 | OS Command Injection vulnerability in Dlink Dir-820L Firmware 105B03 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |