ReportizFlow
Filtered by vendor
Subscriptions
Total
2539 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41153 | 2 Hitachi Energy, Hitachienergy | 7 Tro600, Tro610, Tro610 Firmware and 4 more | 2024-10-31 | 7.2 High |
| Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | ||||
| CVE-2024-48145 | 1 Netangular | 1 Chatnet Ai | 2024-10-28 | 9.1 Critical |
| A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48144 | 1 Fusionchat | 1 Chat Ai Assistant | 2024-10-28 | 9.1 Critical |
| A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-10435 | 1 Didi | 1 Super Jacoco | 2024-10-28 | 6.3 Medium |
| A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48441 | 1 Whtyglobal | 1 Tianyu Cpe Router Firmware | 2024-10-25 | 8.8 High |
| Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. | ||||
| CVE-2024-48440 | 1 Tuoshi | 1 5g Cpe Router Nr500-ea Firmware | 2024-10-25 | 8.8 High |
| Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. | ||||
| CVE-2024-48141 | 1 Zhipu Ai | 1 Codegeex | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48140 | 1 Butterflyeffectpte | 1 Monica | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48139 | 1 Blackbox Ai | 1 Blackbox Ai | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48142 | 1 Butterflyeffectpte | 1 Monica | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-10193 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-10-23 | 4.7 Medium |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-35285 | 1 Mitel | 1 Micollab Nupoint Messanger | 2024-10-23 | 9.8 Critical |
| A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. | ||||
| CVE-2024-48659 | 1 Dcnglobal | 1 Dcme-320-l Firmware | 2024-10-23 | 9.8 Critical |
| An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. | ||||
| CVE-2024-48904 | 1 Trendmicro | 1 Cloud Edge | 2024-10-23 | 9.8 Critical |
| An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability. | ||||
| CVE-2024-40089 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.1 Critical |
| A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. | ||||
| CVE-2024-39438 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-10-17 | 6.5 Medium |
| In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2024-39437 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-10-17 | 6.5 Medium |
| In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2024-39436 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-10-17 | 6.5 Medium |
| In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2024-35520 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-10-16 | 8.4 High |
| Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. | ||||
| CVE-2024-44413 | 1 Dlink | 1 Di-8200 Firmware | 2024-10-16 | 8.8 High |
| A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. | ||||