DocsGPT versions 0.8.1 through 0.12.0 allow remote attackers to execute arbitrary code via a crafted HTTP request. An attacker can exploit this vulnerability by sending a malicious payload in the 'data' parameter, leading to the execution of arbitrary commands on the target system. This vulnerability has been assigned CVE-2025-0868.
A vulnerability in AppSmith versions prior to v1.52 allows unauthenticated remote code execution due to a misconfigured PostgreSQL database that permits execution of the COPY FROM PROGRAM command. Attackers can exploit this to run arbitrary commands on the system hosting the application.
The ABB Cylon Aspect BMS/BAS controller before 3.08.02 is vulnerable to authenticated OS command injection. Attackers can upload a specially crafted .db file that contains malicious shell commands. These commands are then executed on the server through the copyFile.sh script, bypassing filename sanitization.
The ABB Cylon Aspect BMS/BAS controller in version 3.08.02 and below is vulnerable to an authenticated blind command injection. Attackers can execute arbitrary shell commands by manipulating input in certain POST parameters. Additionally, an off-by-one error in array access can result in undefined behavior and potential Denial of Service (DoS) attacks.
The exploit allows an attacker to execute code remotely in FoxCMS v.1.2.5. By sending a specially crafted payload to the target, an attacker can run arbitrary commands on the system. This vulnerability is identified as CVE-2025-29306.
An attacker can execute arbitrary code on Sony XAV-AX5500 devices without requiring authentication by exploiting a vulnerability in the software update handling process. The flaw lies in the lack of proper validation of software update packages, enabling code execution within the device context. This exploit bypasses firmware validation, allowing an attacker with physical access to achieve Remote Code Execution (RCE) on the infotainment unit. The vulnerability affects firmware versions prior to v2.00.
An unauthenticated remote code execution vulnerability in Chamilo LMS version 1.11.24 (Beersel) allows attackers to upload files without restrictions, leading to remote code execution.
The exploit allows for remote code execution in Centreon 19.04 through a login password brute-force attack using the centbruteon.py script. By sending specially crafted requests to the Centreon API authentication endpoint, an attacker can execute arbitrary code on the target system.
The ZTE ZXHN H168N 3.1 router is vulnerable to remote code execution due to an authentication bypass. By exploiting this vulnerability, an attacker can execute arbitrary code on the target device. This vulnerability has not been assigned a CVE ID yet.
The ABB Cylon Aspect BMS/BAS controller before 4.00.00 allows unauthenticated attackers to execute arbitrary shell commands via unsanitized input in the serial and ManufactureDate POST parameters. This vulnerability can be exploited during the manufacturing phase when factory test scripts are present.