Search Results (366311 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-48126 2026-04-15 9.8 Critical
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.
CVE-2024-48138 1 Pluxml 1 Pluxml 2026-04-15 9.8 Critical
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template.
CVE-2024-48139 1 Blackbox Ai 1 Blackbox Ai 2026-04-15 7.5 High
A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48140 1 Butterflyeffectpte 1 Monica 2026-04-15 7.5 High
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48141 1 Zhipu Ai 1 Codegeex 2026-04-15 7.5 High
A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48142 1 Butterflyeffectpte 1 Monica 2026-04-15 7.5 High
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48143 1 Digitory 1 Multi-channel Integrated Pos 2026-04-15 9.1 Critical
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders.
CVE-2024-48144 1 Fusionchat 1 Chat Ai Assistant 2026-04-15 9.1 Critical
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48145 1 Netangular 1 Chatnet Ai 2026-04-15 9.1 Critical
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48200 1 Mobatek 1 Mobaxterm 2026-04-15 8.4 High
An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe)
CVE-2024-48204 1 Hanzhou Haboo 1 Network Management System 2026-04-15 9.8 Critical
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.
CVE-2024-48206 1 Chainer 1 Chainer 2026-04-15 9.8 Critical
A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.
CVE-2024-48214 1 Keruistore 1 Kerui Hd 3mp 1080p Tuya Camera Firmware 2026-04-15 8.4 High
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera.
CVE-2024-48217 1 Sismart 1 Cms 2026-04-15 8.8 High
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation.
CVE-2024-48234 1 Mipjz Project 1 Mipjz 2026-04-15 4.9 Medium
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files.
CVE-2024-4826 2026-04-15 9.8 Critical
SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file.
CVE-2024-48289 2026-04-15 6.5 Medium
An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet.
CVE-2024-48292 2 Quickheal Antivirus Pro, Quickheal Total Security 2 Quickheal Antivirus Pro, Quickheal Total Security 2026-04-15 8.8 High
An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges.
CVE-2024-48293 1 Quickheal Antivirus Pro 1 Quickheal Antivirus Pro 2026-04-15 6.5 Medium
Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings.
CVE-2024-48294 1 Wondershare Pdf Reader 1 Wondershare Pdf Reader 2026-04-15 5.5 Medium
A NULL pointer dereference in the component libPdfCore.dll of Wondershare PDF Reader v1.0.9.2544 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.