CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

906 matches found

Positive Technologies•added 2024/11/14 12:0 a.m.•2 views

PT-2024-35222 · Openai · Openai Gpt-4

Name of the Vulnerable Software and Affected Versions: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation versions n/a through 2.4.9 Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a we...

9.9CVSS9.8AI score0.00889EPSS

Exploits0References5

OSV•added 2024/10/01 5:1 p.m.•7 views

CVE-2024-47608 Logicytics vulnerable to shell injections

Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2...

6.9CVSS6.9AI score0.0077EPSS

Exploits0References4

Cvelist•added 2024/10/01 5:1 p.m.•15 views

CVE-2024-47608 Logicytics vulnerable to shell injections

Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2...

6.9CVSS0.0077EPSS

Exploits0References2

CVE•added 2024/10/01 5:1 p.m.•40 views

CVE-2024-47608

CVE-2024-47608 applies to Logicytics, a data-harvesting/forensic-analysis tool. Connected sources confirm a shell/OS command injection vulnerability in versions prior to 2.3.2, with the root cause being shell injection points that could allow arbitrary command execution on compromised devices. Th...

9.8CVSS9.3AI score0.0077EPSS

Exploits0References2Affected Software1

CNNVD•added 2024/10/01 12:0 a.m.•2 views

Logicytics 操作系统命令注入漏洞

Logicytics is a tool from Shahm Najeeb's personal developer. Designed to carefully gather and collect large amounts of Windows system data for forensic analysis. Logicytics 2.3.1 and earlier versions suffer from an operating system command injection vulnerability that stems from the presence of a...

9.8CVSS7.5AI score0.0077EPSS

Exploits0References3

Positive Technologies•added 2024/10/01 12:0 a.m.•3 views

PT-2024-32669 · Unknown · Logicytics

Name of the Vulnerable Software and Affected Versions: Logicytics versions prior to 2.3.2 Description: Logicytics is designed to harvest and collect data for forensic analysis. It has a basic vulnerability affecting compromised devices from shell injections. Recommendations: For versions prior to...

9.8CVSS7.6AI score0.0077EPSS

Exploits0References7

Positive Technologies•added 2024/08/08 12:0 a.m.•1 views

PT-2024-27087 · Kaon · Kaon Ar2140

Name of the Vulnerable Software and Affected Versions: KAON AR2140 routers versions prior to 4.2.16 Description: The issue is related to a shell command injection vulnerability. It can be exploited by sending a crafted request to one of the endpoints, but access to the administrative portal of th...

7.2CVSS7.7AI score0.00441EPSS

Exploits0References6

NVD•added 2024/08/06 5:15 p.m.•12 views

CVE-2024-39227

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This...

9.8CVSS0.01089EPSS

Exploits1References1

OSV•added 2024/08/06 4:15 p.m.•0 views

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

9.8CVSS5.8AI score

Exploits0References1

NVD•added 2024/08/06 4:15 p.m.•13 views

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

9.8CVSS0.00191EPSS

Exploits1References1

SUSE CVE•added 2024/08/06 2:0 a.m.•3 views

SUSE CVE-2024-41815

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

7.4CVSS7.3AI score0.00387EPSS

Exploits1References3

CNNVD•added 2024/08/06 12:0 a.m.•1 views

GL.iNet多款产品注入漏洞

GL.iNet AR750S and others are products of China's Guanglian Intelligent Communication GL.iNet company.GL.iNet AR750S is a router.GL.iNet AR750 is a router.GL.iNet AR300M is a router.The vulnerability is caused by a shell injection vulnerability in the checkovpnclientconfig interface.The...

9.8CVSS7.2AI score0.01089EPSS

Exploits1References3

CVE•added 2024/08/06 12:0 a.m.•46 views

CVE-2024-39228

GL.iNet firmware for multiple models (AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11; MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16; XE300 v4.3.16; E750 v4.3.12; AP1300/S1300 v4.3.13; XE3000/X3000 v4.4) contains a shell injection vulnerability via the interfaces check...

9.8CVSS9.7AI score0.00191EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/08/06 12:0 a.m.•19 views

CVE-2024-39227

10AI score0.01089EPSS

Exploits1References1

Vulnrichment•added 2024/08/06 12:0 a.m.•10 views

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

9.7AI score0.00191EPSS

Exploits1References1

Positive Technologies•added 2024/08/06 12:0 a.m.•1 views

PT-2024-28400 · Gl.Inet · Mt300N-V2 +19

Name of the Vulnerable Software and Affected Versions: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11 GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16 GL-iNet products XE300 version 4.3.16 GL-iNet products E750 version 4.3....

9.8CVSS7.6AI score0.00191EPSS

Exploits1References2

CVE•added 2024/08/06 12:0 a.m.•28 views

CVE-2024-39227

CVE-2024-39227 affects GL.iNet routers (AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11; MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16; XE300 v4.3.16; E750 v4.3.12; AP1300/S1300 v4.3.13; XE3000/X3000 v4.4). An insecure permission issue in endpoint /cgi-bin/glc allows u...

9.8CVSS10AI score0.01089EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/08/06 12:0 a.m.•15 views

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

0.00191EPSS

Exploits1References1

Cvelist•added 2024/08/06 12:0 a.m.•15 views

CVE-2024-39227

0.01089EPSS

Exploits1References1

Github Security Blog•added 2024/07/26 9:24 p.m.•15 views

Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

Description Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Version 1.20.0 fixes the...

7.4CVSS6.9AI score0.00387EPSS

Exploits1References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by