Search Results (6705 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9145 2026-04-15 N/A
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file.
CVE-2024-47969 2026-04-15 6.2 Medium
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.
CVE-2024-48140 1 Butterflyeffectpte 1 Monica 2026-04-15 7.5 High
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48141 1 Zhipu Ai 1 Codegeex 2026-04-15 7.5 High
A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48145 1 Netangular 1 Chatnet Ai 2026-04-15 9.1 Critical
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48746 1 Lensvisual 1 Lensvisual 2026-04-15 9.8 Critical
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component
CVE-2024-48747 1 Alist Project 1 Alist 2026-04-15 6.8 Medium
An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.
CVE-2024-44413 1 Dlink 1 Di-8200 Firmware 2026-04-15 8.8 High
A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
CVE-2024-48214 1 Keruistore 1 Kerui Hd 3mp 1080p Tuya Camera Firmware 2026-04-15 8.4 High
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera.
CVE-2024-0760 1 Isc 1 Bind 2026-04-15 7.5 High
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
CVE-2025-11045 1 Wayos 5 Lq-04, Lq-05, Lq-06 and 2 more 2026-04-15 7.3 High
A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVE-2023-5878 1 Honeywell 1 Onewireless Network Wireless Device Manager 2026-04-15 N/A
Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product2.
CVE-2025-57633 2026-04-15 9.8 Critical
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftp_file parameter and executes it using os.system() without sanitization or escaping.
CVE-2024-47967 2026-04-15 4.4 Medium
Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.
CVE-2021-47876 1 Geogebra 1 Classic 2026-04-15 7.5 High
GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash.
CVE-2021-47875 1 Geogebra 1 Cas Calculator 2026-04-15 9.8 Critical
GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash.
CVE-2025-7388 1 Progress 2 Openedge, Progress 2026-04-15 8.4 High
It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process.  An RMI interface permitted manipulation of a configuration property with inadequate input validation leading to OS command injection.
CVE-2024-58259 1 Suse 1 Rancher 2026-04-15 8.2 High
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).
CVE-2025-8667 1 Skyworkai 1 Deepresearchagent 2026-04-15 6.3 Medium
A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-27142 2026-04-15 5.9 Medium
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL.