19611 matches found
CVE-2025-29635
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function, triggering remote command execution...
CVE-2025-27631
The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website...
CVE-2025-27631
CVE-2025-27631 affects Hitachi Energy’s TRMTracker web application. Connected sources confirm an LDAP injection vulnerability in the TRMTracker component, enabling an attacker to inject code into queries and execute remote commands that can read and update data on the site. The issue is described...
CVE-2025-2725
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads ...
CVE-2025-2725
The CVE-2025-2725 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 up to version V100R014, in the HTTP POST /api/login/auth handler. The issue is a command-injection in an unknown functionality of that endpoint. Multiple sources describe remote exposure possibilities, wit...
CVE-2025-2717
A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub41710C of the file /goform/diagnslookup of the component HTTP POST Request Handler. The manipulation of the argument targetaddr leads to os command injection. The...
AquilaCMS buffer error vulnerability
AquilaCMS is a complete multipurpose open source CMS from the AquilaCMS team. A security vulnerability exists in AquilaCMS that stems from the fact that sending a malicious remote command can result in a segmentation error...
Hitachi Energy TRMTracker injection vulnerability
Hitachi Energy TRMTracker is a front-end to back-end Commodity/Energy Trading and Risk Management C/ETRM software platform from Hitachi, Japan. Hitachi Energy TRMTracker suffers from an injection vulnerability that stems from an LDAP injection attack that could lead to the execution of remote...
Multiple H3C products security vulnerability
H3C Magic NX30 Pro and others are products of China's Xinhua San H3C. H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate. H3C Magic NX15 is a router. H3C Magic NX400 is a router. A security vulnerability exists in several H3C products that stems from a command injection in the...
OpenManus command injection vulnerability
OpenManus is an application by the individual developer mannaandpoem. A command injection vulnerability exists in OpenManus version 2025.3.13 and earlier, which stems from an os command injection in the app/tool/pythonexecute.py file, which may be attacked remotely...
Multiple H3C products security vulnerability
H3C Magic NX30 Pro and others are products of China's Xinhua San H3C. H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate. H3C Magic NX15 is a router. H3C Magic NX400 is a router. A security vulnerability exists in several H3C products. The vulnerability stems from a command injection...
Multiple H3C products injection vulnerability
H3C Magic NX30 Pro and others are products of China's Xinhua San H3C. H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate. H3C Magic NX15 is a router. H3C Magic NX400 is a router. An injection vulnerability exists in several H3C products. The vulnerability stems from a command injecti...
H3C Magic NX30 Pro injection vulnerability
H3C Magic NX30 Pro is a home router supporting WiFi6 3000M rate from China's Xinhua San H3C. It is used for home network coverage to provide high-speed and stable wireless network. An injection vulnerability exists in H3C Magic NX30 Pro V100R007 and earlier versions, which originates from a comma...
The vulnerability of the setLanguageCfg() function in TOTOLINK EX200 router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the setLanguageCfg function in TOTOLINK EX200 router firmware lies in the lack of measures taken to clean up data at the control level when processing the langType parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s firmware allows a perpetrator to execute arbitrary commands.
The vulnerability of the setWiFiScheduleCfg function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s firmware is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the sHour parameter. Exploiting...
The vulnerability of the setPasswordCfg() function in the firmware for TOTOLINK CA300-PoE allows a hacker to execute arbitrary commands.
The vulnerability of the setPasswordCfg function in the TOTOLINK CA300-PoE router’s firmware is related to the lack of measures taken to clean data at the management level when processing the admpass parameter. Exploiting this vulnerability allows a remote attacker to execute...
Multiple H3C products security vulnerability
H3C Magic NX30 Pro and others are products of China's Xinhua San H3C. H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate. H3C Magic NX15 is a router. H3C Magic NX400 is a router. A security vulnerability exists in several H3C products. The vulnerability stems from a command injection...
CVE-2025-29635
CVE-2025-29635 is a command-injection vulnerability in D-Link DIR-823X 240126–240802 that can be triggered by a POST to /goform/set_prohibiting, enabling remote command execution by an authenticated attacker. Connected sources document a Mirai-family campaign actively exploiting this flaw to depl...