Total
789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9793 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2024-11-01 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-48145 | 2024-10-28 | N/A | 9.1 CRITICAL | ||
| A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48144 | 2024-10-28 | N/A | 9.1 CRITICAL | ||
| A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48659 | 2024-10-23 | N/A | 9.8 CRITICAL | ||
| An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. | |||||
| CVE-2024-48904 | 2024-10-23 | N/A | 9.8 CRITICAL | ||
| An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability. | |||||
| CVE-2024-44400 | 1 Dlink | 2 Di-8400, Di-8400 Firmware | 2024-10-11 | N/A | 9.8 CRITICAL |
| A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. | |||||
| CVE-2024-7575 | 1 Telerik | 1 Ui For Wpf | 2024-10-03 | N/A | 9.8 CRITICAL |
| In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2024-43693 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
| A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | |||||
| CVE-2024-45066 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
| A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | |||||
| CVE-2024-45682 | 1 Millbeck | 2 Proroute H685t-w, Proroute H685t-w Firmware | 2024-09-27 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | |||||
| CVE-2024-42505 | 2024-09-26 | N/A | 9.8 CRITICAL | ||
| Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2024-42506 | 2024-09-26 | N/A | 9.8 CRITICAL | ||
| Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2024-42507 | 2024-09-26 | N/A | 9.8 CRITICAL | ||
| Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2023-36103 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-09-24 | N/A | 9.8 CRITICAL |
| Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | |||||
| CVE-2024-46048 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | N/A | 9.8 CRITICAL |
| Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | |||||
| CVE-2024-7029 | 1 Avtech | 2 Avm1203, Avm1203 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL |
| Commands can be injected over the network and executed without authentication. | |||||
| CVE-2024-44466 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-09-13 | N/A | 9.8 CRITICAL |
| COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. | |||||
| CVE-2024-8073 | 1 Hillstonenet | 1 Web Application Firewall | 2024-09-12 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: fromĀ 5.5R6-2.6.7 through 5.5R6-2.8.13. | |||||
| CVE-2024-44401 | 1 Dlink | 2 Di-8100g, Di-8100g Firmware | 2024-09-12 | N/A | 9.8 CRITICAL |
| D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file | |||||
| CVE-2024-44410 | 1 Dlink | 2 Di-8300, Di-8300 Firmware | 2024-09-10 | N/A | 9.8 CRITICAL |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. | |||||