Total
2084 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10435 | 1 Didi | 1 Super Jacoco | 2024-10-28 | 6.3 Medium |
| A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-34215 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-10-28 | 7.2 High |
| TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. | ||||
| CVE-2023-34214 | 1 Moxa | 7 Edr-810, Edr-g902, Edr-g903 and 4 more | 2024-10-28 | 7.2 High |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. | ||||
| CVE-2023-34213 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-10-28 | 8.8 High |
| TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. | ||||
| CVE-2023-33239 | 1 Moxa | 9 Edr-810, Edr-g9010, Edr-g902 and 6 more | 2024-10-28 | 8.8 High |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. | ||||
| CVE-2023-33238 | 1 Moxa | 8 Edr-810, Edr-g9010, Edr-g902 and 5 more | 2024-10-28 | 7.2 High |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. | ||||
| CVE-2024-48441 | 1 Whtyglobal | 1 Tianyu Cpe Router Firmware | 2024-10-25 | 8.8 High |
| Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. | ||||
| CVE-2024-48440 | 1 Tuoshi | 1 5g Cpe Router Nr500-ea Firmware | 2024-10-25 | 8.8 High |
| Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. | ||||
| CVE-2024-48141 | 1 Zhipu Ai | 1 Codegeex | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48140 | 1 Butterflyeffectpte | 1 Monica | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48139 | 1 Blackbox Ai | 1 Blackbox Ai | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-37570 | 1 Mitel | 4 6869i Sip, 6869i Sip Firmware, Rev00 6868i and 1 more | 2024-10-25 | 8.8 High |
| On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution. | ||||
| CVE-2024-48142 | 1 Butterflyeffectpte | 1 Monica | 2024-10-25 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2022-20926 | 1 Cisco | 1 Firepower Management Center | 2024-10-25 | 6.3 Medium |
| A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. | ||||
| CVE-2023-20097 | 1 Cisco | 61 Aironet 1540, Aironet 1542d, Aironet 1542i and 58 more | 2024-10-25 | 4.6 Medium |
| A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP. | ||||
| CVE-2023-20219 | 1 Cisco | 1 Firepower Management Center | 2024-10-24 | 7.2 High |
| Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. | ||||
| CVE-2023-20220 | 1 Cisco | 1 Firepower Management Center | 2024-10-24 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device. | ||||
| CVE-2024-46256 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-10-24 | 9.8 Critical |
| A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | ||||
| CVE-2023-34960 | 1 Chamilo | 1 Chamilo | 2024-10-23 | 9.8 Critical |
| A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. | ||||
| CVE-2023-20209 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-10-23 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges. | ||||