CVE-2025-28138

The TOTOLINK A800R V4.1.2cu.5137B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

The vulnerability of the Telnet protocol implementation in the microprogramming-based router software Tenda AC7 allows a hacker to execute arbitrary commands.

The vulnerability of the Telnet protocol implementation in the Tenda AC7 microprogramming router software lies in the lack of measures taken to clean data at the management level when processing the lanip parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVE-2025-28138

TOTOLINK A800R V4.1.2cu.5137B20200730 contains a remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVE-2025-28138

The CVE-2025-28138 vulnerability affects the TOTOLINK A800R router (V4.1.2cu.5137_B20200730). A pre-auth remote command execution flaw exists in the setNoticeCfg function via the NoticeUrl parameter, enabling remote code execution without authentication and impacting confidentiality, integrity, a...

GPT Academic Code Issue Vulnerability

GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a code issue vulnerability that arises from unsafe deserialization of serialized data received from users by the Latex English Error Correction Plugin feature...

CVE-2025-28138

The TOTOLINK A800R V4.1.2cu.5137B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

CVE-2024-55964

CVE-2024-55964 — Appsmith RCE : A misconfigured PostgreSQL instance in the Appsmith image (pre-1.52) enables remote command execution inside the Appsmith Docker container. To exploit, an attacker must access Appsmith, log in, create a datasource, craft a query against that datasource, and execute...

Appsmith 安全漏洞

Appsmith is an open source platform for building, deploying, and maintaining internal applications from Appsmith Open Source. A security vulnerability exists in Appsmith versions prior to 1.52 that stems from a PostgreSQL misconfiguration that could lead to remote command execution...

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

PT-2025-12998

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.52 Description An issue was discovered in Appsmith where an incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must...

CVE-2025-29635

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function, triggering remote command execution...

CVE-2025-29635

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function, triggering remote command execution...

CVE-2025-29635

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function, triggering remote command execution...

CVE-2025-27631

The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website...

CVE-2025-27631

The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website...

CVE-2025-27631

CVE-2025-27631 affects Hitachi Energy’s TRMTracker web application. Connected sources confirm an LDAP injection vulnerability in the TRMTracker component, enabling an attacker to inject code into queries and execute remote commands that can read and update data on the site. The issue is described...

CVE-2025-29635

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function, triggering remote command execution...