ReportizFlow
Filtered by vendor
Subscriptions
Total
2150 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51254 | 1 Draytek | 1 Vigor3900 Firmware | 2024-11-01 | 8.8 High |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. | ||||
| CVE-2024-51299 | 1 Draytek | 1 Vigor3900 Firmware | 2024-11-01 | 8.8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | ||||
| CVE-2024-51301 | 1 Draytek | 1 Vigor3900 Firmware | 2024-11-01 | 8.8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | ||||
| CVE-2024-51255 | 1 Draytek | 1 Vigor3900 Firmware | 2024-11-01 | 9.8 Critical |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. | ||||
| CVE-2024-51257 | 1 Draytek | 1 Vigor3900 Firmware | 2024-11-01 | 8.8 High |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. | ||||
| CVE-2024-48214 | 1 Keruistore | 1 Kerui Hd 3mp 1080p Tuya Camera Firmware | 2024-11-01 | 8.4 High |
| KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera. | ||||
| CVE-2024-51260 | 1 Draytek | 1 Vigor3900 Firmware | 2024-11-01 | 9.8 Critical |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. | ||||
| CVE-2024-51258 | 1 Draytek | 1 Vigor3900 Firmware | 2024-11-01 | 8.8 High |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | ||||
| CVE-2024-51259 | 1 Draytek | 1 Vigor3900 Firmware | 2024-11-01 | 9.8 Critical |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. | ||||
| CVE-2024-41153 | 2 Hitachi Energy, Hitachienergy | 7 Tro600, Tro610, Tro610 Firmware and 4 more | 2024-10-31 | 7.2 High |
| Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | ||||
| CVE-2024-48145 | 1 Netangular | 1 Chatnet Ai | 2024-10-28 | 9.1 Critical |
| A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48144 | 1 Fusionchat | 1 Chat Ai Assistant | 2024-10-28 | 9.1 Critical |
| A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-10435 | 1 Didi | 1 Super Jacoco | 2024-10-28 | 6.3 Medium |
| A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48441 | 1 Whtyglobal | 1 Tianyu Cpe Router Firmware | 2024-10-25 | 8.8 High |
| Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. | ||||
| CVE-2024-48440 | 1 Tuoshi | 1 5g Cpe Router Nr500-ea Firmware | 2024-10-25 | 8.8 High |
| Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. | ||||
| CVE-2024-48141 | 1 Zhipu Ai | 1 Codegeex | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48140 | 1 Butterflyeffectpte | 1 Monica | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48139 | 1 Blackbox Ai | 1 Blackbox Ai | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48142 | 1 Butterflyeffectpte | 1 Monica | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-46256 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-10-24 | 9.8 Critical |
| A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | ||||