43 matches found
Cockpit 359 - RCE
Exploit Title: Cockpit 359 - RCE | Date: 18-04-2026 | Exploit Author: @intx0x80 | Vendor Homepage: https://cockpit-project.org/ | Software Link: https://github.com/cockpit-project/cockpit | Version: 327-359 | Tested on: Debian | CVE: CVE-2026-4631 | import base64 import argparse import requests import urllib3...
CVE-2026-7067 D-Link DIR-822 udhcpd DHCP Service dhcpd.c system command injection
A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-7067
A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...
Exploit for CVE-2026-4631
CVE-2026-4631 — Code Analysis Cockpit: Unauthenticated Rem...
CVE-2026-4611
TOTOLINK X6000R firmware versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826 are affected. The vulnerability resides in the shttpd binary (/usr/sbin/shttpd) within the setLanCfg function, where manipulating the Hostname argument can trigger an OS command injection. The issue can be exploit...
EUVD-2026-8922
osctrl is Vulnerable to OS Command Injection via Environment Configuration...
CVE-2026-20764
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...
CVE-2026-28279
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
PT-2026-22225
Name of the Vulnerable Software and Affected Versions osctrl versions prior to 0.5.0 Description osctrl is a management solution for osquery. A command injection issue exists in the osctrl-admin environment configuration before version 0.5.0. An authenticated administrator can inject arbitrary...
CVE-2025-64093
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device...
CVE-2025-15502 Sangfor Operation and Maintenance Management System session SessionController OS command injection
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to OS command injection. The attack can be...
CVE-2025-64093 Unauthenticated Remote Code Execution via the device hostname
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device...
CVE-2025-64093
CVE-2025-64093 is an unauthenticated Remote Code Execution affecting Zenitel ICX500/ICX510 exposed to networks. Public descriptions consistently state an attacker can inject arbitrary commands into the device hostname, enabling remote code execution with no user interaction. The CVSSv3.1 base sco...
PT-2026-1844
Name of the Vulnerable Software and Affected Versions Zenitel ICX500 and ICX510 Description A remote code execution issue exists that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. The issue allows for the execution of commands without requiring...
Zenitel ICX500 and Zenitel ICX510 Security Vulnerability
The Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that originates from an unauthenticated attacker being able to inject arbitrary commands into the hostname of the device...
CVE-2025-14659
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be...
EUVD-2025-203296
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be...
EUVD-2025-202296
A stored cross-site scripting (XSS) vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...