CVE-2026-6195 Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...

CVE-2026-6154

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiat...

CVE-2026-6140 Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

Pandora FMS 安全漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. There are security vulnerabilities in versions of Pandora FMS 800 and earlier. These vulnerabilities stem from t...

CVE-2026-6130 chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

EUVD-2026-21319

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched...

CVE-2026-6029 Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...

EUVD-2026-21272

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument laninfo can lead to os command injection. The attack may be performed from...

CVE-2026-5993 Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains an operating system command injection vulnerability. This vulnerability stems from the lack of proper validation in the handling of the laninfo parameter in...

EUVD-2026-21049

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...

EUVD-2026-21074

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. Th...

FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

CVE-2026-5976 Totolink A7100RU CGI cstecgi.cgi setStorageCfg os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate th...

CVE-2026-5975 Totolink A7100RU CGI cstecgi.cgi setDmzCfg os command injection

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. Th...

GHSA-3XP3-PR8X-F755 Agions taskflow-ai vulnerable to os command injection in src/mcp/server/handlers.ts

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminalexecute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading ...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from an operation on the setWiFiBasicCfg function parameter “wifiOff...

CVE-2026-5802 idachev mcp-javadc HTTP os command injection

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVE-2026-30815

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...

PT-2026-30840

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application...