Lucene search
+L

369 matches found

RedhatCVE
RedhatCVE
added 2026/04/22 1:22 a.m.15 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

7.3CVSS6.1AI score0.01327EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/21 6:31 p.m.5 views

EUVD-2026-24162

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

7.3CVSS6.1AI score0.01327EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.4 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.1AI score0.01327EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.5 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.1AI score0.01327EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/21 12:0 a.m.243 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

0.01327EPSS
Exploits1References1
CVE
CVE
added 2026/04/21 12:0 a.m.12 views

CVE-2026-38834

CVE-2026-38834 affects Tenda W30E V2.0 with firmware 16.01.0.21. A command injection vulnerability exists in the do_ping_action function via the hostName parameter, allowing execution of arbitrary commands with crafted requests. The vulnerability is tied to the specific function and parameter, wi...

7.3CVSS6.1AI score0.01327EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/19 5:15 a.m.8 views

CVE-2026-6559

A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended...

5.3CVSS4.5AI score0.00265EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/04/19 12:0 a.m.9 views

WAVLINK WL-WN579A3 安全漏洞

WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card developed by WAVLINK Corporation. The WAVLINK WL-WN579A3 220323 version contains a security vulnerability, which stems from the handling of the Hostname parameter in the /cgi-bin/login.cgi file. This vulnerability may lead t...

5.3CVSS5.6AI score0.00265EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.8 views

SUSE CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

8.4CVSS6.7AI score0.009EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/24 12:30 a.m.6 views

EUVD-2026-14603

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...

8.6CVSS5.7AI score0.03034EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.10 views

PT-2026-27220

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360 B20241207/9.4.0cu.1498 B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...

8.6CVSS6.8AI score0.03034EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/08 7:2 a.m.4 views

CVE-2026-3716 Wavlink WL-WN579X3-C adm.cgi sub_401AD4 cross site scripting

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS4.1AI score0.00228EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.7 views

PT-2026-23924

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub 401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS4.1AI score0.00228EPSS
Exploits1References5
OSV
OSV
added 2026/02/28 2:5 a.m.5 views

GHSA-RCHW-322G-F7RM osctrl is Vulnerable to OS Command Injection via Environment Configuration

Summary An OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These commands are embedded into enrollment one-liner scripts...

7.3CVSS6.7AI score0.009EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/28 2:5 a.m.16 views

osctrl is Vulnerable to OS Command Injection via Environment Configuration

Summary An OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These commands are embedded into enrollment one-liner scripts...

8.4CVSS6.7AI score0.009EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.5 views

CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

8.4CVSS6.7AI score0.009EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/27 3:21 a.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the osctrl-admin environment configuration. An attacker can execute arbitrary shell commands on every endpoint that enrolls using a compromised environment by injecting commands into the hostname parameter, which ar...

8.4CVSS6.2AI score0.009EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/27 3:21 a.m.7 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the osctrl-admin environment configuration. An attacker can execute arbitrary shell commands on every endpoint that enrolls using a compromised environment by injecting commands into the hostname parameter, which ar...

8.4CVSS6.2AI score0.009EPSS
Exploits0References2
NVD
NVD
added 2026/02/26 11:16 p.m.8 views

CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

8.4CVSS0.009EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 10:59 p.m.25 views

CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

7.3CVSS0.009EPSS
Exploits0References3
Rows per page
Query Builder