Vulnerabilities (CVE)

Filtered by CWE-77
Total 3412 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-48841 2026-06-17 N/A 10.0 CRITICAL
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.
CVE-2024-48830 1 Dell 1 Smartfabric Os10 2026-06-17 N/A 7.8 HIGH
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-48747 2026-06-17 N/A 6.8 MEDIUM
An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.
CVE-2024-48746 2026-06-17 N/A 9.8 CRITICAL
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component
CVE-2024-48659 1 Dcnetworks 2 Dcme-320-l, Dcme-320-l Firmware 2026-06-17 N/A 9.8 CRITICAL
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component.
CVE-2024-48441 2026-06-17 N/A 8.8 HIGH
Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp.
CVE-2024-48440 2026-06-17 N/A 8.8 HIGH
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp.
CVE-2024-48288 1 Tp-link 2 Tl-ipc42c, Tl-ipc42c Firmware 2026-06-17 N/A 8.0 HIGH
TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.
CVE-2024-48286 1 Linksys 2 E3000, E3000 Firmware 2026-06-17 N/A 8.0 HIGH
Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function.
CVE-2024-48214 2026-06-17 N/A 8.4 HIGH
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera.
CVE-2024-48153 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 9.8 CRITICAL
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
CVE-2024-48145 2026-06-17 N/A 9.1 CRITICAL
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48144 2026-06-17 N/A 9.1 CRITICAL
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48142 2026-06-17 N/A 7.5 HIGH
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48141 2026-06-17 N/A 7.5 HIGH
A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48140 2026-06-17 N/A 7.5 HIGH
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48139 2026-06-17 N/A 7.5 HIGH
A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48017 1 Dell 1 Smartfabric Os10 2026-06-17 N/A 6.5 MEDIUM
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
CVE-2024-48015 1 Dell 1 Smartfabric Os10 2026-06-17 N/A 6.7 MEDIUM
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-47562 1 Siemens 1 Sinec Security Monitor 2026-06-17 N/A 8.8 HIGH
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.