CVE-2024-7045

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

TP-LINK ER7206 OS Command Injection Vulnerability (CNVD-2024-13527)

The TP-LINK ER7206 is a multi-function Gigabit router from China P&L TP-LINK. An operating system command injection vulnerability exists in the TP-LINK ER7206 version 1.3.0 build 20230322 Rel.70591, which stems from a specially crafted HTTP request that could lead to arbitrary command injection. ...

Tenda AX12 list parameter command execution vulnerability

Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China. A command execution vulnerability exists in Tenda AX12 version V22.03.01.46, which is caused due to the failure of the "list" parameter of /goform/SetNetControlList to correctly filter constructed command special character...