Total
1813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51255 | 2024-11-01 | N/A | 9.8 CRITICAL | ||
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. | |||||
| CVE-2024-51296 | 2024-11-01 | N/A | 8.8 HIGH | ||
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. | |||||
| CVE-2024-51257 | 2024-11-01 | N/A | 8.8 HIGH | ||
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. | |||||
| CVE-2024-51300 | 2024-11-01 | N/A | 8.8 HIGH | ||
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. | |||||
| CVE-2024-51299 | 2024-11-01 | N/A | 8.8 HIGH | ||
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | |||||
| CVE-2024-51301 | 2024-11-01 | N/A | 8.8 HIGH | ||
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | |||||
| CVE-2024-51258 | 2024-11-01 | N/A | 8.8 HIGH | ||
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | |||||
| CVE-2024-51259 | 2024-11-01 | N/A | 9.8 CRITICAL | ||
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. | |||||
| CVE-2024-41153 | 1 Hitachienergy | 6 Tro610, Tro610 Firmware, Tro620 and 3 more | 2024-10-31 | N/A | 7.2 HIGH |
| Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | |||||
| CVE-2024-48145 | 2024-10-28 | N/A | 9.1 CRITICAL | ||
| A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48144 | 2024-10-28 | N/A | 9.1 CRITICAL | ||
| A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-10435 | 2024-10-28 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48441 | 2024-10-25 | N/A | 8.8 HIGH | ||
| Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. | |||||
| CVE-2024-48440 | 2024-10-25 | N/A | 8.8 HIGH | ||
| Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. | |||||
| CVE-2024-48141 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48140 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48139 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-48142 | 2024-10-25 | N/A | 7.5 HIGH | ||
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | |||||
| CVE-2024-46256 | 2024-10-24 | N/A | 9.8 CRITICAL | ||
| A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | |||||
| CVE-2024-10193 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-10-23 | 5.8 MEDIUM | 7.2 HIGH |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||