Total
2965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39226 | 1 Gl-inet | 56 A1300, A1300 Firmware, Ap1300 and 53 more | 2024-11-12 | N/A | 9.8 CRITICAL |
| GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API. | |||||
| CVE-2024-43601 | 2 Linux, Microsoft | 2 Linux Kernel, Visual Studio Code | 2024-11-08 | N/A | 7.8 HIGH |
| Visual Studio Code for Linux Remote Code Execution Vulnerability | |||||
| CVE-2024-9579 | 1 Hp | 16 Poly Studio G62, Poly Studio G62 Firmware, Poly Studio G7500 and 13 more | 2024-11-08 | N/A | 7.5 HIGH |
| A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. | |||||
| CVE-2024-47460 | 2024-11-06 | N/A | 9.0 CRITICAL | ||
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2024-48746 | 2024-11-06 | N/A | 9.8 CRITICAL | ||
| An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component | |||||
| CVE-2024-47461 | 2024-11-06 | N/A | 7.2 HIGH | ||
| An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. | |||||
| CVE-2024-20418 | 2024-11-06 | N/A | 10.0 CRITICAL | ||
| A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device. | |||||
| CVE-2024-42509 | 2024-11-06 | N/A | 9.8 CRITICAL | ||
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2024-9793 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2024-11-01 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-48214 | 2024-11-01 | N/A | 8.4 HIGH | ||
| KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera. | |||||
| CVE-2024-48145 | 2024-10-28 | N/A | 9.1 CRITICAL | ||
| A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48144 | 2024-10-28 | N/A | 9.1 CRITICAL | ||
| A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-10435 | 2024-10-28 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48441 | 2024-10-25 | N/A | 8.8 HIGH | ||
| Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. | |||||
| CVE-2024-48440 | 2024-10-25 | N/A | 8.8 HIGH | ||
| Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. | |||||
| CVE-2024-48141 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48140 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48139 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48142 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-10193 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-10-23 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||