Total
1844 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48214 | 2024-11-01 | N/A | 8.4 HIGH | ||
| KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera. | |||||
| CVE-2024-41153 | 1 Hitachienergy | 6 Tro610, Tro610 Firmware, Tro620 and 3 more | 2024-10-31 | N/A | 7.2 HIGH |
| Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | |||||
| CVE-2024-48145 | 2024-10-28 | N/A | 9.1 CRITICAL | ||
| A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48144 | 2024-10-28 | N/A | 9.1 CRITICAL | ||
| A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-10435 | 2024-10-28 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48441 | 2024-10-25 | N/A | 8.8 HIGH | ||
| Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. | |||||
| CVE-2024-48440 | 2024-10-25 | N/A | 8.8 HIGH | ||
| Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. | |||||
| CVE-2024-48141 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48140 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48139 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48142 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-46256 | 2024-10-24 | N/A | 9.8 CRITICAL | ||
| A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | |||||
| CVE-2024-10193 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-10-23 | 5.8 MEDIUM | 7.2 HIGH |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-40089 | 2024-10-23 | N/A | 9.1 CRITICAL | ||
| A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. | |||||
| CVE-2024-48659 | 2024-10-23 | N/A | 9.8 CRITICAL | ||
| An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. | |||||
| CVE-2024-48904 | 2024-10-23 | N/A | 9.8 CRITICAL | ||
| An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability. | |||||
| CVE-2024-35285 | 2024-10-23 | N/A | 9.8 CRITICAL | ||
| A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. | |||||
| CVE-2024-43497 | 1 Microsoft | 1 Deepspeed | 2024-10-17 | N/A | 7.8 HIGH |
| DeepSpeed Remote Code Execution Vulnerability | |||||
| CVE-2024-48153 | 2024-10-17 | N/A | 9.8 CRITICAL | ||
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | |||||
| CVE-2024-39438 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-10-17 | N/A | 6.7 MEDIUM |
| In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | |||||