Total
937 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48141 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48140 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48139 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48142 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-10193 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-10-23 | 5.8 MEDIUM | 7.2 HIGH |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-43497 | 1 Microsoft | 1 Deepspeed | 2024-10-17 | N/A | 7.8 HIGH |
| DeepSpeed Remote Code Execution Vulnerability | |||||
| CVE-2024-44413 | 2024-10-15 | N/A | 8.8 HIGH | ||
| A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. | |||||
| CVE-2024-7840 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 7.8 HIGH |
| In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2024-39563 | 2024-10-15 | N/A | 7.3 HIGH | ||
| A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance. This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability. | |||||
| CVE-2024-47562 | 1 Siemens | 1 Sinec Security Monitor | 2024-10-11 | N/A | 8.8 HIGH |
| A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS. | |||||
| CVE-2024-9380 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-10 | N/A | 7.2 HIGH |
| An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | |||||
| CVE-2023-37154 | 2024-10-10 | N/A | 8.4 HIGH | ||
| check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. | |||||
| CVE-2024-20365 | 1 Cisco | 1 Unified Computing System | 2024-10-08 | N/A | 7.2 HIGH |
| A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root. | |||||
| CVE-2024-20432 | 1 Cisco | 1 Nexus Dashboard Fabric Controller | 2024-10-08 | N/A | 8.8 HIGH |
| A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment. | |||||
| CVE-2023-26315 | 1 Mi | 2 Ax9000, Ax9000 Firmware | 2024-10-08 | N/A | 8.8 HIGH |
| The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device. | |||||
| CVE-2024-7679 | 1 Telerik | 1 Ui For Wpf | 2024-10-01 | N/A | 7.8 HIGH |
| In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2023-47563 | 1 Qnap | 1 Video Station | 2024-09-28 | N/A | 8.8 HIGH |
| An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later | |||||
| CVE-2024-42025 | 1 Ui | 1 Unifi Network Application | 2024-09-28 | N/A | 7.8 HIGH |
| A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | |||||
| CVE-2024-0005 | 1 Purestorage | 2 Purity\/\/fa, Purity\/\/fb | 2024-09-27 | N/A | 8.8 HIGH |
| A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | |||||
| CVE-2024-33508 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-09-20 | N/A | 7.3 HIGH |
| An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. | |||||